[AG-DEV] AG3 certificates
Thomas D. Uram
turam at mcs.anl.gov
Thu Jan 19 03:54:41 CST 2006
Chris: Comments inline...
On 1/18/06 11:50 PM, Christoph Willing wrote:
> I see that certificate management has been removed from
> VenueClientUI.py with the comment:
> # - Disabled for 3.0: No client-side auth support
>
> Initially I was looking for a way to request/retrieve/install user
> certificates - but it seems now that they're not needed. Well, after
> deleting the certificate I was using (with certmgr.py), I find I can
> still start the VenueClient. However the VenueServer won't start
> without it.
>
> At the moment then, if someone wanted a certificate, they'd have to
> have an AG2 VenueClient installed to retrieve a certificate
> (Certificate Manager can request it, certmgr could install it, but
> there's no way to retrieve it after the request is approved).
I'm able to use the standalone CertificateManager.py to retrieve certs.
Is that failing for you?
>
> What about the longer term? VenueClients will have, or will be able to
> have, certificates eventually won't they?
Yes. The complication is that the VenueClient really wants to do single
sign-on as in 2.x with proxy certificates, so that the authenticated
identity can be used by the VenueClient and shared applications and
other standalone apps, but we didn't have that mechanism available
to us until just recently (OpenSSL 0.9.8). Current thinking is that
we will do single signon using the proxy support in OpenSSL for the
next release, but it will remain a Venue option whether a
cert is required or not.
More information about the ag-dev
mailing list