Certificate Management stuff
Robert Olson
olson at mcs.anl.gov
Wed Jan 28 13:25:29 CST 2004
>There are solutions to the "certificate on every machine" that can alleviate
>the problem without doing the online ca thing, right? What are those
>solutions? Have you looked at what's already available in the pyGlobus
>MyProxy interfaces?
Either solution would require similar up-front infrastructure, involving
determing which (online CA / my proxy server / what login name), to use for
a given connection to a server.
>I guess all I'm saying is there is a lot of discussion that needs to happen,
>discussion before cvs commits is always good, especially when it's used to
>gain support for your development plans. That one of the main points of
>having the AGEP process, we need to convince each other, during that process
>many opportunities for improving our plans may be exposed. I'm not against
>your plan, just want to make sure it's the best one before I can say, "yeah,
>that's the way to go."
The point is that I'm not yet convinced myself of how this needs to be
done, and need to do the groundwork to determine it. I want to do this
groundwork before we do a major release so that we don't get nailed for
having missed some piece of underlayment that was required but would be
more work than we want to put into a minor release later on.
> > Like I said; the first set of changes is largely in place
> > already but we need to get newer pyGlobus (with the
> > exceptions support) in place for people or it will break; I'd
> > rather not add code to handle both old and new pyGLobus.
>
>This is something Matt is working on, right? Are you keeping in synch with
>him so this enables you as quickly as possible?
I'm enabled :-) it's the rest of the group that would get hit. I'm assuming
since I've not heard otherwise that he's seen the changes (since I sent
them out on the topic earlier) and he'll drop by with questions as they
occur. I'll give him a poke too.
--bob
More information about the ag-dev
mailing list