White dot for spacing only
The Dice Project


Task:Public key infrastructure
Group:
Stage:

Description 

X509 certificates are available for both host and user
authentication, and are the only feasible means of authenticating
protocols such as HTTP. We require a clear certification 
infrastructure to manage these, including decisions on signing
policies, revocation and key lifetimes. In addition, a 
method of translating Kerberos credentials to X509 certificates
would be  highly desirable in order to extend single-signon to HTTP.
Issues 

How many CAs - do we have our own (signed by EUCS), or just use 
               EUCS ones.
Certificate policy - lifetime, rollover, management?
Short lived Kerberos->X509 certificates - implementation?
Dependencies


 : Deploy 

Mini Informatics Logo - Link to Main Informatics Page
Please contact us with any comments or corrections.
Unless explicitly stated otherwise, all material is copyright The University of Edinburgh
Spacing Line