Ticket #192 (closed task: fixed)

Opened 13 years ago

Last modified 11 years ago

[S] SimpleCA Web Services - functionality for certificate revocation + MyProxy repository cred delete

Reported by: pjkersha Owned by: pjkersha
Priority: required Milestone: NDG2 Cleanup
Component: security Version:
Keywords: Certificate Authority, certificate, MyProxy, SimpleCA Cc:

Description (last modified by pjkersha) (diff)

Include functionality to allow certificates to be revoked. Requires new SimpleCA WS method and change to SessionMgr/MyProxy interface to make sure certificate is removed from MyProxy repository.

Change History

comment:1 Changed 13 years ago by pjkersha

  • Description modified (diff)

comment:2 Changed 13 years ago by pjkersha

  • Summary changed from SimpleCA Web Services - functionality for certificate revocation to [S] SimpleCA Web Services - functionality for certificate revocation

comment:3 Changed 13 years ago by pjkersha

  • Summary changed from [S] SimpleCA Web Services - functionality for certificate revocation to [S] SimpleCA Web Services - functionality for certificate revocation + MyProxy repository cred delete

Include MyProxy? here too - need to have delete credentials MyProxy? client method also. This could call SimpleCA WS at the same time to revoke the certificate concerned.

comment:4 Changed 12 years ago by selatham

  • Milestone changed from BETA to PROD Step2

comment:5 Changed 11 years ago by pjkersha

  • Status changed from new to closed
  • Resolution set to fixed

The way MyProxy is deployed has changed. It's now configured at NDG sites to run with a SimpleCA. Credentials are dynamically issued based on details held in the site's user db. No permanent user credentials exist. User's credentials are effectively revoked if their database entry is removed or disabled.

Services such as MyProxy, the Attribute Authority, Session Manager do have permanent credentials. These can be revoked via OpenSSL and the CA hosted at the NDG site.

Note: See TracTickets for help on using tickets.