Kerberos is a single sign on solution. AFAICT, it is the only one that solves the problem completely: You confirm that you are who you say you are, and the remote side confirms that it is who you think it is. It doesn’t work over he public internet only due to the fact that most corporate firewalls block the ports it needs. So we want to be able to do Kerberos, or its equivalent from the browser.
The Dogtag PKI project is a long lived project. It is a Java Web Server based application that predates many of the technologies that now are standards of Java Web development. One requirement that has changed over time is how to access the server remotely. Continue reading
I’ve been working with the PKI/Dogtag code for a while. Over the past couple years, I’ve been more and more comfortable with Git. PKI uses SVN as a centralized Repository. Since Git SVN integration is fairly mature, I’ve been using that to manage my coding. On Monday, I gave a presentation to my team on Git SVN. I’ve taken the outline from the slides and included it here.
Fedora and Debian play the role where many chaotic projects get a degree of charm school: they learn to play nice with a lot of other projects. In Fedora, as near as I can tell, there is only one Java based web application packages as part of the distribution: Dogtag, the Public Key Infrastructure server. As we look at how PKI should look in the future, the dearth of comparable applications packaged for Fedora leaves us with the opportunity for defining a logical and simple standard packing scheme. While I am not there yet, this post is the start of my attempts to organize my thoughts on the subject. I’m looking for input.