Hi Ade et al, I've opened a pagure PR with a draft (and incomplete) design for the GSS-API authentication: https://pagure.io/test_dogtag_designs/pull-request/8

There are still some areas to be investigated and some open questions. Please give it a once over and provide your thoughts. In particular I would like feedback on the idea to use alternative IAuthManager plugins for authorisation; identities from different IdPs would use different plugins (or different instances of plugins). I think this gives a nice integration when the system providing external identities (e.g. FreeIPA) already has concepts for authorisation of PKI-related operations (again, FreeIPA, certainly for CA and probably also for KRA too). Thanks, and have a nice weekend! Fraser _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel