<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Chad+Lung</id>
		<title>OpenStack - User contributions [en]</title>
		<link rel="self" type="application/atom+xml" href="https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Chad+Lung"/>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/wiki/Special:Contributions/Chad_Lung"/>
		<updated>2026-07-03T10:30:36Z</updated>
		<subtitle>User contributions</subtitle>
		<generator>MediaWiki 1.28.2</generator>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=55032</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=55032"/>
				<updated>2014-06-05T18:27:42Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install libffi-dev libssl-dev git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/local.conf devstack/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To shutdown Barbican (and it's dependent services) simply run this:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./unstack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors - assuming you've enabled compute because we don't by default in the local.conf) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=55029</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=55029"/>
				<updated>2014-06-05T18:24:30Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install libffi-dev libssl-dev git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/local.conf devstack/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors - assuming you've enabled compute because we don't by default in the local.conf) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=54586</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=54586"/>
				<updated>2014-06-02T22:12:18Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install libffi-dev libssl-dev git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
You'll need to create and edit a file called '''local.conf''':&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ nano local.conf&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To just run Barbican and required services add the following into the '''local.conf''' file and modify the passwords as required:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
[[local|localrc]]&lt;br /&gt;
disable_all_services&lt;br /&gt;
enable_service rabbit mysql key barbican&lt;br /&gt;
&lt;br /&gt;
# We do this to keep the token small so we don't run into issues&lt;br /&gt;
# with the token being too large in the headers, this works great&lt;br /&gt;
# for testing, etc.&lt;br /&gt;
KEYSTONE_TOKEN_FORMAT=UUID&lt;br /&gt;
&lt;br /&gt;
DATABASE_PASSWORD=password&lt;br /&gt;
RABBIT_PASSWORD=password&lt;br /&gt;
SERVICE_TOKEN=password&lt;br /&gt;
SERVICE_PASSWORD=password&lt;br /&gt;
ADMIN_PASSWORD=password&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=54569</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=54569"/>
				<updated>2014-06-02T20:00:30Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ $ sudo apt-get install libffi-dev libssl-dev git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
You'll need to create and edit a file called '''local.conf''':&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ nano local.conf&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To just run Barbican and required services add the following into the '''local.conf''' file and modify the passwords as required:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
[[local|localrc]]&lt;br /&gt;
disable_all_services&lt;br /&gt;
enable_service rabbit mysql key barbican&lt;br /&gt;
&lt;br /&gt;
# We do this to keep the token small so we don't run into issues&lt;br /&gt;
# with the token being too large in the headers, this works great&lt;br /&gt;
# for testing, etc.&lt;br /&gt;
KEYSTONE_TOKEN_FORMAT=UUID&lt;br /&gt;
&lt;br /&gt;
DATABASE_PASSWORD=password&lt;br /&gt;
RABBIT_PASSWORD=password&lt;br /&gt;
SERVICE_TOKEN=password&lt;br /&gt;
SERVICE_PASSWORD=password&lt;br /&gt;
ADMIN_PASSWORD=password&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=54536</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=54536"/>
				<updated>2014-06-02T16:32:34Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
You'll need to create and edit a file called '''local.conf''':&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ nano local.conf&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To just run Barbican and required services add the following into the '''local.conf''' file and modify the passwords as required:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
[[local|localrc]]&lt;br /&gt;
disable_all_services&lt;br /&gt;
enable_service rabbit mysql key barbican&lt;br /&gt;
&lt;br /&gt;
# We do this to keep the token small so we don't run into issues&lt;br /&gt;
# with the token being too large in the headers, this works great&lt;br /&gt;
# for testing, etc.&lt;br /&gt;
KEYSTONE_TOKEN_FORMAT=UUID&lt;br /&gt;
&lt;br /&gt;
DATABASE_PASSWORD=password&lt;br /&gt;
RABBIT_PASSWORD=password&lt;br /&gt;
SERVICE_TOKEN=password&lt;br /&gt;
SERVICE_PASSWORD=password&lt;br /&gt;
ADMIN_PASSWORD=password&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=52639</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=52639"/>
				<updated>2014-05-19T15:54:53Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-roadmap Barbican Juno Roadmap]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=52301</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=52301"/>
				<updated>2014-05-14T18:03:29Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=52244</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=52244"/>
				<updated>2014-05-14T01:44:59Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzales, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
The plan is to have something generic enough that plugins can be created for numerous certificate authority back ends like [http://www.symantec.com/page.jsp?id=ssl-information-center Symantec], [http://pki.fedoraproject.org/wiki/PKI_Main_Page Dogtag], etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new and modifying existing certificates would live inside of the plugins.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
''This is a work in progress''&lt;br /&gt;
&lt;br /&gt;
* Barbican would need to modified to allow for plugins to be called based upon order types&lt;br /&gt;
* Investigate how alerts should be dispatched and build that piece accordingly&lt;br /&gt;
* See the [https://wiki.openstack.org/wiki/Barbican/Blueprints/ssl-certificates#References references section] for additional blueprints that this work would be dependent on&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51759</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51759"/>
				<updated>2014-05-08T18:43:39Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51757</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51757"/>
				<updated>2014-05-08T18:42:45Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Barbican Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51749</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51749"/>
				<updated>2014-05-08T17:53:41Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=51625</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=51625"/>
				<updated>2014-05-07T18:31:44Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/stackforge/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
You'll need to create and edit a file called '''local.conf''':&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ nano local.conf&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To just run Barbican and required services add the following into the '''local.conf''' file and modify the passwords as required:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
[[local|localrc]]&lt;br /&gt;
disable_all_services&lt;br /&gt;
enable_service rabbit mysql key barbican&lt;br /&gt;
&lt;br /&gt;
KEYSTONE_TOKEN_FORMAT=UUID&lt;br /&gt;
&lt;br /&gt;
DATABASE_PASSWORD=password&lt;br /&gt;
RABBIT_PASSWORD=password&lt;br /&gt;
SERVICE_TOKEN=password&lt;br /&gt;
SERVICE_PASSWORD=password&lt;br /&gt;
ADMIN_PASSWORD=password&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51001</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51001"/>
				<updated>2014-05-02T20:41:57Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51000</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=51000"/>
				<updated>2014-05-02T20:41:26Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=50933</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=50933"/>
				<updated>2014-05-02T15:41:00Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Running Barbican via DevStack */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/stackforge/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
You'll need to create and edit a file called '''local.conf''':&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ nano local.conf&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To just run Barbican and required services add the following into the '''local.conf''' file and modify the passwords as required:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
[[local|localrc]]&lt;br /&gt;
disable_all_services&lt;br /&gt;
enable_service rabbit mysql key barbican&lt;br /&gt;
&lt;br /&gt;
KEYSTONE_TOKEN_FORMAT=UUID&lt;br /&gt;
&lt;br /&gt;
DATABASE_PASSWORD=password&lt;br /&gt;
RABBIT_PASSWORD=password&lt;br /&gt;
SERVICE_TOKEN=password&lt;br /&gt;
SERVICE_PASSWORD=password&lt;br /&gt;
ADMIN_PASSWORD=password&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanAutomation&amp;diff=47685</id>
		<title>BarbicanAutomation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanAutomation&amp;diff=47685"/>
				<updated>2014-04-03T18:28:07Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Organization of Chef Cookbooks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Organization of Chef Cookbooks ==&lt;br /&gt;
&lt;br /&gt;
For Chef development we are using Berkshelf to manage our cookbooks. Since we are using Berkshelf our cookbooks are located in separate individual repositories, located here: [https://github.com/cloudkeep-ops cloudkeep-ops].&lt;br /&gt;
&lt;br /&gt;
There are four main cookbooks to deploy the Barbican application:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep-ops/chef-barbican Chef Barbican] - Includes recipes for deploying Barbican Worker and API nodes&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-postgresql Barbican Postgres] - Wrapper cookbook for configuring Postgresql in a Barbican cluster&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-rabbitmq Barbican RabbitMQ] - Wrapper cookbook for configuring RabbitMQ in a Barbican cluster&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The cookbooks have been designed that they can be deployed with or without a Chef server.&lt;br /&gt;
&lt;br /&gt;
Instructions for deploying individual cookbooks can be found on each of the respective '''Read Me''' docs.&lt;br /&gt;
&lt;br /&gt;
== Search Discovery ==&lt;br /&gt;
&lt;br /&gt;
Each cookbook implements a search discovery pattern for Chef server search. &lt;br /&gt;
&lt;br /&gt;
The search discovery is a pattern can be detailed as:&lt;br /&gt;
&lt;br /&gt;
* The use of search discovery is optional&lt;br /&gt;
* Allows the user to override the search query used via a node attribute&lt;br /&gt;
* Allow the user to specify what node attribute contains the IPv4 address of discovered nodes&lt;br /&gt;
* Chef searches are contained inside an individual recipe named '''search_discovery.rb'''&lt;br /&gt;
* The results of the search discovery recipe are stored in node attributes&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47684</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47684"/>
				<updated>2014-04-03T18:18:19Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanAutomation&amp;diff=47683</id>
		<title>BarbicanAutomation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanAutomation&amp;diff=47683"/>
				<updated>2014-04-03T18:17:48Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Organization of Chef Cookbooks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Organization of Chef Cookbooks ==&lt;br /&gt;
&lt;br /&gt;
For Chef development we are using Berkshelf to manage our cookbooks. Since we are using Berkshelf our cookbooks are located in separate individual repositories, located here: [https://github.com/cloudkeep-ops cloudkeep-ops].&lt;br /&gt;
&lt;br /&gt;
There are four main cookbooks to deploy the Barbican application:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep-ops/chef-barbican Chef Barbican] - Includes recipes for deploying Barbican Worker and API nodes&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-postgresql Barbican Postgres] - Wrapper cookbook for configuring Postgresql in a Barbican cluster&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-rabbitmq Barbican RabbitMQ] - Wrapper cookbook for configuring RabbitMQ in a Barbican cluster&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The cookbooks have been designed that they can be deployed with or without a Chef server.&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanAutomation&amp;diff=47682</id>
		<title>BarbicanAutomation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanAutomation&amp;diff=47682"/>
				<updated>2014-04-03T18:17:34Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: Created page with &amp;quot;== Organization of Chef Cookbooks ==  For Chef development we are using Berkshelf to manage our cookbooks. Since we are using Berkshelf our cookbooks are located in separate i...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Organization of Chef Cookbooks ==&lt;br /&gt;
&lt;br /&gt;
For Chef development we are using Berkshelf to manage our cookbooks. Since we are using Berkshelf our cookbooks are located in separate individual repositories, located here: [https://github.com/cloudkeep-ops cloudkeep-ops].&lt;br /&gt;
&lt;br /&gt;
There are four main cookbooks to deploy the Barbican application:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep-ops/chef-barbican Chef Barbican] - Includes recipes for deploying Barbican Worker and API nodes&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-postgresql Barbican Postgres] - Wrapper cookbook for configuring Postgresql in a Barbican cluster&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-rabbitmq Barbican RabbitMQ] - Wrapper cookbook for configuring RabbitMQ in a Barbican cluster&lt;br /&gt;
&lt;br /&gt;
The cookbooks have been designed that they can be deployed with or without a Chef server.&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47678</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47678"/>
				<updated>2014-04-03T17:54:54Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* TODO&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47542</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47542"/>
				<updated>2014-04-02T20:49:22Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Technical Details */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47541</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47541"/>
				<updated>2014-04-02T20:49:00Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Technical Details */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [Setting up a local Barbican Cluster using Vagrant https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47540</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47540"/>
				<updated>2014-04-02T20:43:26Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Technical Details */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=47539</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=47539"/>
				<updated>2014-04-02T20:42:18Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: Created page with &amp;quot;== Running Barbican via DevStack ==  Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS):  &amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt; $ sudo apt-get update $ sudo apt-get install git -y $ git c...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/stackforge/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
You'll need to create and edit a file called '''local.conf''':&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ nano local.conf&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Add the following into the '''local.conf''' file and modify the passwords as required:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
[[local|localrc]]&lt;br /&gt;
enable_service barbican&lt;br /&gt;
KEYSTONE_TOKEN_FORMAT=UUID&lt;br /&gt;
&lt;br /&gt;
# If you don't need these services&lt;br /&gt;
# un-comment them to speed up&lt;br /&gt;
# the DevStack install time&lt;br /&gt;
#disable_service horizon&lt;br /&gt;
#disable_service glance&lt;br /&gt;
#disable_service cinder&lt;br /&gt;
#disable_service nova&lt;br /&gt;
&lt;br /&gt;
DATABASE_PASSWORD=password&lt;br /&gt;
RABBIT_PASSWORD=password&lt;br /&gt;
SERVICE_TOKEN=password&lt;br /&gt;
SERVICE_PASSWORD=password&lt;br /&gt;
ADMIN_PASSWORD=password&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47528</id>
		<title>Barbican/Incubation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47528"/>
				<updated>2014-04-02T19:45:59Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Icehouse */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Project Codename ==&lt;br /&gt;
[http://en.wikipedia.org/wiki/Barbican Barbican]&lt;br /&gt;
&lt;br /&gt;
== Trademarks ==&lt;br /&gt;
There are no other parts of the Barbican project that will be part of OpenStack.&lt;br /&gt;
&lt;br /&gt;
== Summary ==&lt;br /&gt;
Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds.&lt;br /&gt;
&lt;br /&gt;
== Mission Statement == &lt;br /&gt;
To produce an OpenStack key management API that simplifies the creation, management and use of keying material for encryption purposes. We plan to achieve this by creating and maintaining a Python service, libraries and documentation as well as working with other OpenStack projects to enable encryption features for their customers and internal infrastructure.&lt;br /&gt;
&lt;br /&gt;
== Detailed Description ==&lt;br /&gt;
The current state of key management is atrocious. While Windows does have some decent options through the use of the Data Protection API (DPAPI) and Active Directory, Linux lacks a cohesive story around how to manage keys for application use.&lt;br /&gt;
&lt;br /&gt;
Barbican was designed to solve this problem. The system was motivated by internal Rackspace needs, requirements from OpenStack and a realization that the current state of the art could use some help.&lt;br /&gt;
&lt;br /&gt;
Barbican will handle many types of secrets, including:&lt;br /&gt;
&lt;br /&gt;
* Symmetric Keys - Used to perform reversible encryption of data at rest, typically using the AES algorithm set. This type of key is required to enable features like [http://www.openstack.org/software/openstack-storage/ encrypted Swift containers and Cinder volumes], [http://www.rackspace.com/cloud/backup/ encrypted Cloud Backups], [https://wiki.openstack.org/wiki/MessageSecurity Message Signing], etc.&lt;br /&gt;
* Asymmetric Keys - Asymmetric key pairs (sometimes referred to as public / private keys) are used in many scenarios where communication between untrusted parties is desired. The most common case is with SSL/TLS certificates, but also is used in solutions like SSH keys, S/MIME (mail) encryption and digital signatures.&lt;br /&gt;
* Raw Secrets - Barbican stores secrets as a base64 encoded block of data (encrypted, naturally). Clients can use the API to store any secrets in any format they desire. The Postern agent is capable of presenting these secrets in various formats to ease integration.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For the symmetric and asymmetric key types, Barbican supports full lifecycle management including provisioning, expiration, reporting, etc. A plugin system allows for multiple certificate authority support (including public and private CAs).&lt;br /&gt;
&lt;br /&gt;
== Scope ==&lt;br /&gt;
Barbican plans to address issues related to the key management process. This includes key generation, lifecycle management and revocation as well as ancillary services like auditing, logging and compliance concerns. We plan to support a variety of key types include symmetric keys (e.g. AES) and various asymmetric keys including RSA / DSA / ECC keys for use with SSL/TLS, SSH and signing. Additionally, Barbican provides pluggable interfaces to use specialized Hardware Security Modules (HSMs) to provide additional security and compliance as well as a strong source of randomness.  &lt;br /&gt;
&lt;br /&gt;
=== Deliverables ===&lt;br /&gt;
The Barbican project will produce two deliverables:&lt;br /&gt;
# barbican - Python ReST API for performing key management&lt;br /&gt;
# python-barbicanclient - A python library providing access to features of the Barbican API&lt;br /&gt;
&lt;br /&gt;
== Roadmap ==&lt;br /&gt;
Barbican has been participating in the OpenStack release toolchain for the Havana cycle. Our blueprints and milestones can be seen in [https://launchpad.net/barbican Launchpad]. As a result, we have completed our MVP set of functionality which is detailed below along with our future plans. &lt;br /&gt;
&lt;br /&gt;
In the long term, we see most OpenStack services depending on Barbican to deliver encryption services. In addition, we see customers of an OpenStack cloud also relying directly on Barbican for secret provisioning and storage. We see potential integrations in the following areas:&lt;br /&gt;
&lt;br /&gt;
* Encryption at Rest: Nova, Cinder, Trove, Ironic, Glance, Swift, Marconi, Savannah&lt;br /&gt;
* Key Distribution / Management: Nova, Keystone, Neutron, Heat&lt;br /&gt;
* Signing / Data Verification: Oslo, Marconi&lt;br /&gt;
* Encryption in Flight: Any systems that use SSL, but especially systems that spin resources that need transport protection like Trove or Savannah&lt;br /&gt;
&lt;br /&gt;
=== Havana (1.0) ===&lt;br /&gt;
These features are all complete.&lt;br /&gt;
&lt;br /&gt;
* API support for CRUD of secrets&lt;br /&gt;
* API support for certificate / key creation requests (orders)&lt;br /&gt;
* Chef infrastructure for configuration management&lt;br /&gt;
* RBAC support&lt;br /&gt;
* Crypto plugin model for Hardware Security Module (HSM) support&lt;br /&gt;
* 'Dev' plugin for a crypto backend (in place of HSM)&lt;br /&gt;
* python-barbicanclient python library&lt;br /&gt;
* keep command line client (part of python-barbicanclient)&lt;br /&gt;
&lt;br /&gt;
=== Icehouse ===&lt;br /&gt;
* Support for [https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes transparent encryption for Cinder volumes]&lt;br /&gt;
* KIMP backend support (based on a third-party library contribution)&lt;br /&gt;
* KDS service for [https://wiki.openstack.org/wiki/MessageSecurity message signing]&lt;br /&gt;
* Support for provisioning SSL/TLS certificates from public CAs (plugin based, Symantec CAs first)&lt;br /&gt;
* Support API for [https://fedorahosted.org/certmonger/ certmonger] tool&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Blueprints/dogtag-plugin Backend support for Dogtag (based on third party contributions)]&lt;br /&gt;
* Support for [https://wiki.openstack.org/wiki/Swift/server-side-enc object encryption in swift] (third party contributions)&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Blueprints/ssl-certificates Provisioning SSL/TLS from internal CAs]&lt;br /&gt;
* Support for the Microsoft CA infrastructure&lt;br /&gt;
* Support for DEK storage in HSM&lt;br /&gt;
* Advanced auditing, logging and reporting&lt;br /&gt;
* Compliance with various regimes including PCI, HIPAA, SOX, etc. Possibly FIPS / FISMA&lt;br /&gt;
&lt;br /&gt;
== Project Resources ==&lt;br /&gt;
* Server Source Code: https://github.com/stackforge/barbican&lt;br /&gt;
* Client Source Code: https://github.com/cloudkeep/python-barbicanclient&lt;br /&gt;
* Language: [http://www.python.org/ Python]&lt;br /&gt;
* License: [https://github.com/stackforge/barbican/blob/master/LICENSE Apache 2.0]&lt;br /&gt;
&lt;br /&gt;
== Team ==&lt;br /&gt;
The following are the team members currently working on Barbican. In addition to this list, the community has contributed code, documentation, architectural review and other support. These include representatives from Rackspace, HP, RedHat, Nebula and more. All members below have signed the OpenStack CLA prior to writing any Barbican code.&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/jarretraim Jarret Raim] is the proposed technical lead. Jarret is the Cloud Security Product Manager at Rackspace and is in charge of the Barbican effort. Jarret did security research as part of his undergraduate and graduate work. Since graduating, Jarret has worked as a developer at Southwest Research Institute and a security consultant at Denim Group before moving to Rackspace.&lt;br /&gt;
* [https://github.com/jfwood John Wood] is a developer on the Barbican project. John is a senior developer at Rackspace. John has worked on enterprise systems at Southwest Research Institute, 360Commerce (now Oracle Retail) and Nationwide. Prior to that he developed firmware for telecommunications and signal processing applications.&lt;br /&gt;
* [https://github.com/dmend Douglas Mendizabal] is a developer on the Barbican project.  Doug joined Rackspace earlier this year, where he contributed to Project Meniscus before joining the Barbican team.  Prior to joining Rackspace, Doug was a secure software development consultant at Denim Group where he helped development of web apps, mobile apps, and web services in various different languages.&lt;br /&gt;
* [https://github.com/reaperhulk Paul Kehrer] is our crypto expert on the Barbican project. He has experience running a public certificate authority as well as doing significant open source work in cryptography by writing and maintaining [https://github.com/r509/r509 r509], a ruby library for managing a certificate infrastructure and [https://github.com/pyca/cryptography cryptography], a modern python crypto library.&lt;br /&gt;
* [https://github.com/jmvrbanac John Vrbanac] is our test lead on the Barbican effort. John's background is primarily in enterprise software development. Before joining Rackspace and the Barbican effort, John was a lead developer for Pearson on their flagship online testing platform. Recently, he has been contributing to the open-source world through the writing and maintaining of [https://github.com/jmvrbanac/specter Specter], a code-centric Python BDD framework, as well as contributing to projects such as: [https://github.com/zinic/pynsive Pynsive], [https://github.com/borisyankov/DefinitelyTyped DefinitelyTyped], and the [http://developer.ubuntu.com/api/qml/sdk-1.0/ Ubuntu API website].&lt;br /&gt;
* [https://github.com/chadlung Chad Lung] is a developer on the Barbican project. Chad previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and [http://atomhopper.org/ Atom Hopper]. Chad joined Rackspace in 2011. Previously he worked for Pearson.&lt;br /&gt;
* [https://github.com/stevendgonzales Steven Gonzalez] is a developer on the Barbican project. Steven previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and joined Rackspace in 2013. Previously he worked at UTSA.&lt;br /&gt;
&lt;br /&gt;
== Infrastructure Requirements ==&lt;br /&gt;
Barbican is currently on StackForge using Gerrit and Jenkins to run the unit test suite and flake8. An integration and testing environment are set up on Rackspace public cloud. In addition to the Cloud environments, Barbican has two staging environments with physical servers and HSMs for testing integration and replication use cases.&lt;br /&gt;
&lt;br /&gt;
== Tasks for Incubation (Barbican was incubated on March 10, 2014) ==&lt;br /&gt;
The following are tasks for Barbican that have been brought up as part of the incubation process as well as some changes that we felt were in the spirit of incubation.&lt;br /&gt;
&lt;br /&gt;
===  Barbican ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64468/ Review]] Move to global requirements&lt;br /&gt;
# [[https://review.openstack.org/#/c/60551/ Review]] Move Barbican to pbr&lt;br /&gt;
# [[https://review.openstack.org/#/c/60427/ Review]] Use oslo.messaging instead of celery&lt;br /&gt;
# [[https://review.openstack.org/#/c/74530 Review]] Set up a basic devstack-gate job (https://review.openstack.org/#/c/57098/)&lt;br /&gt;
# [[https://review.openstack.org/#/c/69512/ Review]] Move to supporting testr&lt;br /&gt;
&lt;br /&gt;
=== python-barbicanclient ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64573/ Review]] Rename command line client to barbican to be more in line with rest of openstack&lt;br /&gt;
# [[https://review.openstack.org/#/c/64851/ Review]] Migrate python-barbicanclient to pbr&lt;br /&gt;
# [[https://github.com/stackforge/python-barbicanclient GitHub] / [https://review.openstack.org/#/q/status:merged+project:stackforge/python-barbicanclient,n,z Gerrit] / [https://review.openstack.org/#/c/60101 Review]] Move python-barbicanclient repository to stackforge&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47527</id>
		<title>Barbican/Incubation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47527"/>
				<updated>2014-04-02T19:45:20Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Future */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Project Codename ==&lt;br /&gt;
[http://en.wikipedia.org/wiki/Barbican Barbican]&lt;br /&gt;
&lt;br /&gt;
== Trademarks ==&lt;br /&gt;
There are no other parts of the Barbican project that will be part of OpenStack.&lt;br /&gt;
&lt;br /&gt;
== Summary ==&lt;br /&gt;
Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds.&lt;br /&gt;
&lt;br /&gt;
== Mission Statement == &lt;br /&gt;
To produce an OpenStack key management API that simplifies the creation, management and use of keying material for encryption purposes. We plan to achieve this by creating and maintaining a Python service, libraries and documentation as well as working with other OpenStack projects to enable encryption features for their customers and internal infrastructure.&lt;br /&gt;
&lt;br /&gt;
== Detailed Description ==&lt;br /&gt;
The current state of key management is atrocious. While Windows does have some decent options through the use of the Data Protection API (DPAPI) and Active Directory, Linux lacks a cohesive story around how to manage keys for application use.&lt;br /&gt;
&lt;br /&gt;
Barbican was designed to solve this problem. The system was motivated by internal Rackspace needs, requirements from OpenStack and a realization that the current state of the art could use some help.&lt;br /&gt;
&lt;br /&gt;
Barbican will handle many types of secrets, including:&lt;br /&gt;
&lt;br /&gt;
* Symmetric Keys - Used to perform reversible encryption of data at rest, typically using the AES algorithm set. This type of key is required to enable features like [http://www.openstack.org/software/openstack-storage/ encrypted Swift containers and Cinder volumes], [http://www.rackspace.com/cloud/backup/ encrypted Cloud Backups], [https://wiki.openstack.org/wiki/MessageSecurity Message Signing], etc.&lt;br /&gt;
* Asymmetric Keys - Asymmetric key pairs (sometimes referred to as public / private keys) are used in many scenarios where communication between untrusted parties is desired. The most common case is with SSL/TLS certificates, but also is used in solutions like SSH keys, S/MIME (mail) encryption and digital signatures.&lt;br /&gt;
* Raw Secrets - Barbican stores secrets as a base64 encoded block of data (encrypted, naturally). Clients can use the API to store any secrets in any format they desire. The Postern agent is capable of presenting these secrets in various formats to ease integration.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For the symmetric and asymmetric key types, Barbican supports full lifecycle management including provisioning, expiration, reporting, etc. A plugin system allows for multiple certificate authority support (including public and private CAs).&lt;br /&gt;
&lt;br /&gt;
== Scope ==&lt;br /&gt;
Barbican plans to address issues related to the key management process. This includes key generation, lifecycle management and revocation as well as ancillary services like auditing, logging and compliance concerns. We plan to support a variety of key types include symmetric keys (e.g. AES) and various asymmetric keys including RSA / DSA / ECC keys for use with SSL/TLS, SSH and signing. Additionally, Barbican provides pluggable interfaces to use specialized Hardware Security Modules (HSMs) to provide additional security and compliance as well as a strong source of randomness.  &lt;br /&gt;
&lt;br /&gt;
=== Deliverables ===&lt;br /&gt;
The Barbican project will produce two deliverables:&lt;br /&gt;
# barbican - Python ReST API for performing key management&lt;br /&gt;
# python-barbicanclient - A python library providing access to features of the Barbican API&lt;br /&gt;
&lt;br /&gt;
== Roadmap ==&lt;br /&gt;
Barbican has been participating in the OpenStack release toolchain for the Havana cycle. Our blueprints and milestones can be seen in [https://launchpad.net/barbican Launchpad]. As a result, we have completed our MVP set of functionality which is detailed below along with our future plans. &lt;br /&gt;
&lt;br /&gt;
In the long term, we see most OpenStack services depending on Barbican to deliver encryption services. In addition, we see customers of an OpenStack cloud also relying directly on Barbican for secret provisioning and storage. We see potential integrations in the following areas:&lt;br /&gt;
&lt;br /&gt;
* Encryption at Rest: Nova, Cinder, Trove, Ironic, Glance, Swift, Marconi, Savannah&lt;br /&gt;
* Key Distribution / Management: Nova, Keystone, Neutron, Heat&lt;br /&gt;
* Signing / Data Verification: Oslo, Marconi&lt;br /&gt;
* Encryption in Flight: Any systems that use SSL, but especially systems that spin resources that need transport protection like Trove or Savannah&lt;br /&gt;
&lt;br /&gt;
=== Havana (1.0) ===&lt;br /&gt;
These features are all complete.&lt;br /&gt;
&lt;br /&gt;
* API support for CRUD of secrets&lt;br /&gt;
* API support for certificate / key creation requests (orders)&lt;br /&gt;
* Chef infrastructure for configuration management&lt;br /&gt;
* RBAC support&lt;br /&gt;
* Crypto plugin model for Hardware Security Module (HSM) support&lt;br /&gt;
* 'Dev' plugin for a crypto backend (in place of HSM)&lt;br /&gt;
* python-barbicanclient python library&lt;br /&gt;
* keep command line client (part of python-barbicanclient)&lt;br /&gt;
&lt;br /&gt;
=== Icehouse ===&lt;br /&gt;
* Support for [https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes transparent encryption for Cinder volumes]&lt;br /&gt;
* KIMP backend support (based on a third-party library contribution)&lt;br /&gt;
* KDS service for [https://wiki.openstack.org/wiki/MessageSecurity message signing]&lt;br /&gt;
* Support for provisioning SSL/TLS certificates from public CAs (plugin based, Symantec CAs first)&lt;br /&gt;
* Support API for [https://fedorahosted.org/certmonger/ certmonger] tool&lt;br /&gt;
* Backend support for Dogtag (based on third party contributions)&lt;br /&gt;
* Support for [https://wiki.openstack.org/wiki/Swift/server-side-enc object encryption in swift] (third party contributions)&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Blueprints/ssl-certificates Provisioning SSL/TLS from internal CAs]&lt;br /&gt;
* Support for the Microsoft CA infrastructure&lt;br /&gt;
* Support for DEK storage in HSM&lt;br /&gt;
* Advanced auditing, logging and reporting&lt;br /&gt;
* Compliance with various regimes including PCI, HIPAA, SOX, etc. Possibly FIPS / FISMA&lt;br /&gt;
&lt;br /&gt;
== Project Resources ==&lt;br /&gt;
* Server Source Code: https://github.com/stackforge/barbican&lt;br /&gt;
* Client Source Code: https://github.com/cloudkeep/python-barbicanclient&lt;br /&gt;
* Language: [http://www.python.org/ Python]&lt;br /&gt;
* License: [https://github.com/stackforge/barbican/blob/master/LICENSE Apache 2.0]&lt;br /&gt;
&lt;br /&gt;
== Team ==&lt;br /&gt;
The following are the team members currently working on Barbican. In addition to this list, the community has contributed code, documentation, architectural review and other support. These include representatives from Rackspace, HP, RedHat, Nebula and more. All members below have signed the OpenStack CLA prior to writing any Barbican code.&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/jarretraim Jarret Raim] is the proposed technical lead. Jarret is the Cloud Security Product Manager at Rackspace and is in charge of the Barbican effort. Jarret did security research as part of his undergraduate and graduate work. Since graduating, Jarret has worked as a developer at Southwest Research Institute and a security consultant at Denim Group before moving to Rackspace.&lt;br /&gt;
* [https://github.com/jfwood John Wood] is a developer on the Barbican project. John is a senior developer at Rackspace. John has worked on enterprise systems at Southwest Research Institute, 360Commerce (now Oracle Retail) and Nationwide. Prior to that he developed firmware for telecommunications and signal processing applications.&lt;br /&gt;
* [https://github.com/dmend Douglas Mendizabal] is a developer on the Barbican project.  Doug joined Rackspace earlier this year, where he contributed to Project Meniscus before joining the Barbican team.  Prior to joining Rackspace, Doug was a secure software development consultant at Denim Group where he helped development of web apps, mobile apps, and web services in various different languages.&lt;br /&gt;
* [https://github.com/reaperhulk Paul Kehrer] is our crypto expert on the Barbican project. He has experience running a public certificate authority as well as doing significant open source work in cryptography by writing and maintaining [https://github.com/r509/r509 r509], a ruby library for managing a certificate infrastructure and [https://github.com/pyca/cryptography cryptography], a modern python crypto library.&lt;br /&gt;
* [https://github.com/jmvrbanac John Vrbanac] is our test lead on the Barbican effort. John's background is primarily in enterprise software development. Before joining Rackspace and the Barbican effort, John was a lead developer for Pearson on their flagship online testing platform. Recently, he has been contributing to the open-source world through the writing and maintaining of [https://github.com/jmvrbanac/specter Specter], a code-centric Python BDD framework, as well as contributing to projects such as: [https://github.com/zinic/pynsive Pynsive], [https://github.com/borisyankov/DefinitelyTyped DefinitelyTyped], and the [http://developer.ubuntu.com/api/qml/sdk-1.0/ Ubuntu API website].&lt;br /&gt;
* [https://github.com/chadlung Chad Lung] is a developer on the Barbican project. Chad previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and [http://atomhopper.org/ Atom Hopper]. Chad joined Rackspace in 2011. Previously he worked for Pearson.&lt;br /&gt;
* [https://github.com/stevendgonzales Steven Gonzalez] is a developer on the Barbican project. Steven previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and joined Rackspace in 2013. Previously he worked at UTSA.&lt;br /&gt;
&lt;br /&gt;
== Infrastructure Requirements ==&lt;br /&gt;
Barbican is currently on StackForge using Gerrit and Jenkins to run the unit test suite and flake8. An integration and testing environment are set up on Rackspace public cloud. In addition to the Cloud environments, Barbican has two staging environments with physical servers and HSMs for testing integration and replication use cases.&lt;br /&gt;
&lt;br /&gt;
== Tasks for Incubation (Barbican was incubated on March 10, 2014) ==&lt;br /&gt;
The following are tasks for Barbican that have been brought up as part of the incubation process as well as some changes that we felt were in the spirit of incubation.&lt;br /&gt;
&lt;br /&gt;
===  Barbican ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64468/ Review]] Move to global requirements&lt;br /&gt;
# [[https://review.openstack.org/#/c/60551/ Review]] Move Barbican to pbr&lt;br /&gt;
# [[https://review.openstack.org/#/c/60427/ Review]] Use oslo.messaging instead of celery&lt;br /&gt;
# [[https://review.openstack.org/#/c/74530 Review]] Set up a basic devstack-gate job (https://review.openstack.org/#/c/57098/)&lt;br /&gt;
# [[https://review.openstack.org/#/c/69512/ Review]] Move to supporting testr&lt;br /&gt;
&lt;br /&gt;
=== python-barbicanclient ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64573/ Review]] Rename command line client to barbican to be more in line with rest of openstack&lt;br /&gt;
# [[https://review.openstack.org/#/c/64851/ Review]] Migrate python-barbicanclient to pbr&lt;br /&gt;
# [[https://github.com/stackforge/python-barbicanclient GitHub] / [https://review.openstack.org/#/q/status:merged+project:stackforge/python-barbicanclient,n,z Gerrit] / [https://review.openstack.org/#/c/60101 Review]] Move python-barbicanclient repository to stackforge&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47525</id>
		<title>Barbican/Incubation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47525"/>
				<updated>2014-04-02T19:43:59Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Icehouse */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Project Codename ==&lt;br /&gt;
[http://en.wikipedia.org/wiki/Barbican Barbican]&lt;br /&gt;
&lt;br /&gt;
== Trademarks ==&lt;br /&gt;
There are no other parts of the Barbican project that will be part of OpenStack.&lt;br /&gt;
&lt;br /&gt;
== Summary ==&lt;br /&gt;
Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds.&lt;br /&gt;
&lt;br /&gt;
== Mission Statement == &lt;br /&gt;
To produce an OpenStack key management API that simplifies the creation, management and use of keying material for encryption purposes. We plan to achieve this by creating and maintaining a Python service, libraries and documentation as well as working with other OpenStack projects to enable encryption features for their customers and internal infrastructure.&lt;br /&gt;
&lt;br /&gt;
== Detailed Description ==&lt;br /&gt;
The current state of key management is atrocious. While Windows does have some decent options through the use of the Data Protection API (DPAPI) and Active Directory, Linux lacks a cohesive story around how to manage keys for application use.&lt;br /&gt;
&lt;br /&gt;
Barbican was designed to solve this problem. The system was motivated by internal Rackspace needs, requirements from OpenStack and a realization that the current state of the art could use some help.&lt;br /&gt;
&lt;br /&gt;
Barbican will handle many types of secrets, including:&lt;br /&gt;
&lt;br /&gt;
* Symmetric Keys - Used to perform reversible encryption of data at rest, typically using the AES algorithm set. This type of key is required to enable features like [http://www.openstack.org/software/openstack-storage/ encrypted Swift containers and Cinder volumes], [http://www.rackspace.com/cloud/backup/ encrypted Cloud Backups], [https://wiki.openstack.org/wiki/MessageSecurity Message Signing], etc.&lt;br /&gt;
* Asymmetric Keys - Asymmetric key pairs (sometimes referred to as public / private keys) are used in many scenarios where communication between untrusted parties is desired. The most common case is with SSL/TLS certificates, but also is used in solutions like SSH keys, S/MIME (mail) encryption and digital signatures.&lt;br /&gt;
* Raw Secrets - Barbican stores secrets as a base64 encoded block of data (encrypted, naturally). Clients can use the API to store any secrets in any format they desire. The Postern agent is capable of presenting these secrets in various formats to ease integration.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For the symmetric and asymmetric key types, Barbican supports full lifecycle management including provisioning, expiration, reporting, etc. A plugin system allows for multiple certificate authority support (including public and private CAs).&lt;br /&gt;
&lt;br /&gt;
== Scope ==&lt;br /&gt;
Barbican plans to address issues related to the key management process. This includes key generation, lifecycle management and revocation as well as ancillary services like auditing, logging and compliance concerns. We plan to support a variety of key types include symmetric keys (e.g. AES) and various asymmetric keys including RSA / DSA / ECC keys for use with SSL/TLS, SSH and signing. Additionally, Barbican provides pluggable interfaces to use specialized Hardware Security Modules (HSMs) to provide additional security and compliance as well as a strong source of randomness.  &lt;br /&gt;
&lt;br /&gt;
=== Deliverables ===&lt;br /&gt;
The Barbican project will produce two deliverables:&lt;br /&gt;
# barbican - Python ReST API for performing key management&lt;br /&gt;
# python-barbicanclient - A python library providing access to features of the Barbican API&lt;br /&gt;
&lt;br /&gt;
== Roadmap ==&lt;br /&gt;
Barbican has been participating in the OpenStack release toolchain for the Havana cycle. Our blueprints and milestones can be seen in [https://launchpad.net/barbican Launchpad]. As a result, we have completed our MVP set of functionality which is detailed below along with our future plans. &lt;br /&gt;
&lt;br /&gt;
In the long term, we see most OpenStack services depending on Barbican to deliver encryption services. In addition, we see customers of an OpenStack cloud also relying directly on Barbican for secret provisioning and storage. We see potential integrations in the following areas:&lt;br /&gt;
&lt;br /&gt;
* Encryption at Rest: Nova, Cinder, Trove, Ironic, Glance, Swift, Marconi, Savannah&lt;br /&gt;
* Key Distribution / Management: Nova, Keystone, Neutron, Heat&lt;br /&gt;
* Signing / Data Verification: Oslo, Marconi&lt;br /&gt;
* Encryption in Flight: Any systems that use SSL, but especially systems that spin resources that need transport protection like Trove or Savannah&lt;br /&gt;
&lt;br /&gt;
=== Havana (1.0) ===&lt;br /&gt;
These features are all complete.&lt;br /&gt;
&lt;br /&gt;
* API support for CRUD of secrets&lt;br /&gt;
* API support for certificate / key creation requests (orders)&lt;br /&gt;
* Chef infrastructure for configuration management&lt;br /&gt;
* RBAC support&lt;br /&gt;
* Crypto plugin model for Hardware Security Module (HSM) support&lt;br /&gt;
* 'Dev' plugin for a crypto backend (in place of HSM)&lt;br /&gt;
* python-barbicanclient python library&lt;br /&gt;
* keep command line client (part of python-barbicanclient)&lt;br /&gt;
&lt;br /&gt;
=== Icehouse ===&lt;br /&gt;
* Support for [https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes transparent encryption for Cinder volumes]&lt;br /&gt;
* KIMP backend support (based on a third-party library contribution)&lt;br /&gt;
* KDS service for [https://wiki.openstack.org/wiki/MessageSecurity message signing]&lt;br /&gt;
* Support for provisioning SSL/TLS certificates from public CAs (plugin based, Symantec CAs first)&lt;br /&gt;
* Support API for [https://fedorahosted.org/certmonger/ certmonger] tool&lt;br /&gt;
* Backend support for Dogtag (based on third party contributions)&lt;br /&gt;
* Support for [https://wiki.openstack.org/wiki/Swift/server-side-enc object encryption in swift] (third party contributions)&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
* Provisioning SSL/TLS from internal CAs&lt;br /&gt;
* Support for the Microsoft CA infrastructure&lt;br /&gt;
* Support for DEK storage in HSM&lt;br /&gt;
* Advanced auditing, logging and reporting&lt;br /&gt;
* Compliance with various regimes including PCI, HIPAA, SOX, etc. Possibly FIPS / FISMA&lt;br /&gt;
&lt;br /&gt;
== Project Resources ==&lt;br /&gt;
* Server Source Code: https://github.com/stackforge/barbican&lt;br /&gt;
* Client Source Code: https://github.com/cloudkeep/python-barbicanclient&lt;br /&gt;
* Language: [http://www.python.org/ Python]&lt;br /&gt;
* License: [https://github.com/stackforge/barbican/blob/master/LICENSE Apache 2.0]&lt;br /&gt;
&lt;br /&gt;
== Team ==&lt;br /&gt;
The following are the team members currently working on Barbican. In addition to this list, the community has contributed code, documentation, architectural review and other support. These include representatives from Rackspace, HP, RedHat, Nebula and more. All members below have signed the OpenStack CLA prior to writing any Barbican code.&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/jarretraim Jarret Raim] is the proposed technical lead. Jarret is the Cloud Security Product Manager at Rackspace and is in charge of the Barbican effort. Jarret did security research as part of his undergraduate and graduate work. Since graduating, Jarret has worked as a developer at Southwest Research Institute and a security consultant at Denim Group before moving to Rackspace.&lt;br /&gt;
* [https://github.com/jfwood John Wood] is a developer on the Barbican project. John is a senior developer at Rackspace. John has worked on enterprise systems at Southwest Research Institute, 360Commerce (now Oracle Retail) and Nationwide. Prior to that he developed firmware for telecommunications and signal processing applications.&lt;br /&gt;
* [https://github.com/dmend Douglas Mendizabal] is a developer on the Barbican project.  Doug joined Rackspace earlier this year, where he contributed to Project Meniscus before joining the Barbican team.  Prior to joining Rackspace, Doug was a secure software development consultant at Denim Group where he helped development of web apps, mobile apps, and web services in various different languages.&lt;br /&gt;
* [https://github.com/reaperhulk Paul Kehrer] is our crypto expert on the Barbican project. He has experience running a public certificate authority as well as doing significant open source work in cryptography by writing and maintaining [https://github.com/r509/r509 r509], a ruby library for managing a certificate infrastructure and [https://github.com/pyca/cryptography cryptography], a modern python crypto library.&lt;br /&gt;
* [https://github.com/jmvrbanac John Vrbanac] is our test lead on the Barbican effort. John's background is primarily in enterprise software development. Before joining Rackspace and the Barbican effort, John was a lead developer for Pearson on their flagship online testing platform. Recently, he has been contributing to the open-source world through the writing and maintaining of [https://github.com/jmvrbanac/specter Specter], a code-centric Python BDD framework, as well as contributing to projects such as: [https://github.com/zinic/pynsive Pynsive], [https://github.com/borisyankov/DefinitelyTyped DefinitelyTyped], and the [http://developer.ubuntu.com/api/qml/sdk-1.0/ Ubuntu API website].&lt;br /&gt;
* [https://github.com/chadlung Chad Lung] is a developer on the Barbican project. Chad previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and [http://atomhopper.org/ Atom Hopper]. Chad joined Rackspace in 2011. Previously he worked for Pearson.&lt;br /&gt;
* [https://github.com/stevendgonzales Steven Gonzalez] is a developer on the Barbican project. Steven previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and joined Rackspace in 2013. Previously he worked at UTSA.&lt;br /&gt;
&lt;br /&gt;
== Infrastructure Requirements ==&lt;br /&gt;
Barbican is currently on StackForge using Gerrit and Jenkins to run the unit test suite and flake8. An integration and testing environment are set up on Rackspace public cloud. In addition to the Cloud environments, Barbican has two staging environments with physical servers and HSMs for testing integration and replication use cases.&lt;br /&gt;
&lt;br /&gt;
== Tasks for Incubation (Barbican was incubated on March 10, 2014) ==&lt;br /&gt;
The following are tasks for Barbican that have been brought up as part of the incubation process as well as some changes that we felt were in the spirit of incubation.&lt;br /&gt;
&lt;br /&gt;
===  Barbican ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64468/ Review]] Move to global requirements&lt;br /&gt;
# [[https://review.openstack.org/#/c/60551/ Review]] Move Barbican to pbr&lt;br /&gt;
# [[https://review.openstack.org/#/c/60427/ Review]] Use oslo.messaging instead of celery&lt;br /&gt;
# [[https://review.openstack.org/#/c/74530 Review]] Set up a basic devstack-gate job (https://review.openstack.org/#/c/57098/)&lt;br /&gt;
# [[https://review.openstack.org/#/c/69512/ Review]] Move to supporting testr&lt;br /&gt;
&lt;br /&gt;
=== python-barbicanclient ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64573/ Review]] Rename command line client to barbican to be more in line with rest of openstack&lt;br /&gt;
# [[https://review.openstack.org/#/c/64851/ Review]] Migrate python-barbicanclient to pbr&lt;br /&gt;
# [[https://github.com/stackforge/python-barbicanclient GitHub] / [https://review.openstack.org/#/q/status:merged+project:stackforge/python-barbicanclient,n,z Gerrit] / [https://review.openstack.org/#/c/60101 Review]] Move python-barbicanclient repository to stackforge&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47524</id>
		<title>Barbican/Incubation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47524"/>
				<updated>2014-04-02T19:42:49Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Team */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Project Codename ==&lt;br /&gt;
[http://en.wikipedia.org/wiki/Barbican Barbican]&lt;br /&gt;
&lt;br /&gt;
== Trademarks ==&lt;br /&gt;
There are no other parts of the Barbican project that will be part of OpenStack.&lt;br /&gt;
&lt;br /&gt;
== Summary ==&lt;br /&gt;
Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds.&lt;br /&gt;
&lt;br /&gt;
== Mission Statement == &lt;br /&gt;
To produce an OpenStack key management API that simplifies the creation, management and use of keying material for encryption purposes. We plan to achieve this by creating and maintaining a Python service, libraries and documentation as well as working with other OpenStack projects to enable encryption features for their customers and internal infrastructure.&lt;br /&gt;
&lt;br /&gt;
== Detailed Description ==&lt;br /&gt;
The current state of key management is atrocious. While Windows does have some decent options through the use of the Data Protection API (DPAPI) and Active Directory, Linux lacks a cohesive story around how to manage keys for application use.&lt;br /&gt;
&lt;br /&gt;
Barbican was designed to solve this problem. The system was motivated by internal Rackspace needs, requirements from OpenStack and a realization that the current state of the art could use some help.&lt;br /&gt;
&lt;br /&gt;
Barbican will handle many types of secrets, including:&lt;br /&gt;
&lt;br /&gt;
* Symmetric Keys - Used to perform reversible encryption of data at rest, typically using the AES algorithm set. This type of key is required to enable features like [http://www.openstack.org/software/openstack-storage/ encrypted Swift containers and Cinder volumes], [http://www.rackspace.com/cloud/backup/ encrypted Cloud Backups], [https://wiki.openstack.org/wiki/MessageSecurity Message Signing], etc.&lt;br /&gt;
* Asymmetric Keys - Asymmetric key pairs (sometimes referred to as public / private keys) are used in many scenarios where communication between untrusted parties is desired. The most common case is with SSL/TLS certificates, but also is used in solutions like SSH keys, S/MIME (mail) encryption and digital signatures.&lt;br /&gt;
* Raw Secrets - Barbican stores secrets as a base64 encoded block of data (encrypted, naturally). Clients can use the API to store any secrets in any format they desire. The Postern agent is capable of presenting these secrets in various formats to ease integration.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For the symmetric and asymmetric key types, Barbican supports full lifecycle management including provisioning, expiration, reporting, etc. A plugin system allows for multiple certificate authority support (including public and private CAs).&lt;br /&gt;
&lt;br /&gt;
== Scope ==&lt;br /&gt;
Barbican plans to address issues related to the key management process. This includes key generation, lifecycle management and revocation as well as ancillary services like auditing, logging and compliance concerns. We plan to support a variety of key types include symmetric keys (e.g. AES) and various asymmetric keys including RSA / DSA / ECC keys for use with SSL/TLS, SSH and signing. Additionally, Barbican provides pluggable interfaces to use specialized Hardware Security Modules (HSMs) to provide additional security and compliance as well as a strong source of randomness.  &lt;br /&gt;
&lt;br /&gt;
=== Deliverables ===&lt;br /&gt;
The Barbican project will produce two deliverables:&lt;br /&gt;
# barbican - Python ReST API for performing key management&lt;br /&gt;
# python-barbicanclient - A python library providing access to features of the Barbican API&lt;br /&gt;
&lt;br /&gt;
== Roadmap ==&lt;br /&gt;
Barbican has been participating in the OpenStack release toolchain for the Havana cycle. Our blueprints and milestones can be seen in [https://launchpad.net/barbican Launchpad]. As a result, we have completed our MVP set of functionality which is detailed below along with our future plans. &lt;br /&gt;
&lt;br /&gt;
In the long term, we see most OpenStack services depending on Barbican to deliver encryption services. In addition, we see customers of an OpenStack cloud also relying directly on Barbican for secret provisioning and storage. We see potential integrations in the following areas:&lt;br /&gt;
&lt;br /&gt;
* Encryption at Rest: Nova, Cinder, Trove, Ironic, Glance, Swift, Marconi, Savannah&lt;br /&gt;
* Key Distribution / Management: Nova, Keystone, Neutron, Heat&lt;br /&gt;
* Signing / Data Verification: Oslo, Marconi&lt;br /&gt;
* Encryption in Flight: Any systems that use SSL, but especially systems that spin resources that need transport protection like Trove or Savannah&lt;br /&gt;
&lt;br /&gt;
=== Havana (1.0) ===&lt;br /&gt;
These features are all complete.&lt;br /&gt;
&lt;br /&gt;
* API support for CRUD of secrets&lt;br /&gt;
* API support for certificate / key creation requests (orders)&lt;br /&gt;
* Chef infrastructure for configuration management&lt;br /&gt;
* RBAC support&lt;br /&gt;
* Crypto plugin model for Hardware Security Module (HSM) support&lt;br /&gt;
* 'Dev' plugin for a crypto backend (in place of HSM)&lt;br /&gt;
* python-barbicanclient python library&lt;br /&gt;
* keep command line client (part of python-barbicanclient)&lt;br /&gt;
&lt;br /&gt;
=== Icehouse ===&lt;br /&gt;
* Boot verification support (use for transparent disk encryption)&lt;br /&gt;
* Support for [https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes transparent encryption for Cinder volumes]&lt;br /&gt;
* KIMP backend support (based on a third-party library contribution)&lt;br /&gt;
* KDS service for [https://wiki.openstack.org/wiki/MessageSecurity message signing]&lt;br /&gt;
* Support for provisioning SSL/TLS certificates from public CAs (plugin based, Symantec CAs first)&lt;br /&gt;
* Support API for [https://fedorahosted.org/certmonger/ certmonger] tool&lt;br /&gt;
* Backend support for Dogtag (based on third party contributions)&lt;br /&gt;
* Support for [https://wiki.openstack.org/wiki/Swift/server-side-enc object encryption in swift] (third party contributions)&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
* Provisioning SSL/TLS from internal CAs&lt;br /&gt;
* Support for the Microsoft CA infrastructure&lt;br /&gt;
* Support for DEK storage in HSM&lt;br /&gt;
* Advanced auditing, logging and reporting&lt;br /&gt;
* Compliance with various regimes including PCI, HIPAA, SOX, etc. Possibly FIPS / FISMA&lt;br /&gt;
&lt;br /&gt;
== Project Resources ==&lt;br /&gt;
* Server Source Code: https://github.com/stackforge/barbican&lt;br /&gt;
* Client Source Code: https://github.com/cloudkeep/python-barbicanclient&lt;br /&gt;
* Language: [http://www.python.org/ Python]&lt;br /&gt;
* License: [https://github.com/stackforge/barbican/blob/master/LICENSE Apache 2.0]&lt;br /&gt;
&lt;br /&gt;
== Team ==&lt;br /&gt;
The following are the team members currently working on Barbican. In addition to this list, the community has contributed code, documentation, architectural review and other support. These include representatives from Rackspace, HP, RedHat, Nebula and more. All members below have signed the OpenStack CLA prior to writing any Barbican code.&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/jarretraim Jarret Raim] is the proposed technical lead. Jarret is the Cloud Security Product Manager at Rackspace and is in charge of the Barbican effort. Jarret did security research as part of his undergraduate and graduate work. Since graduating, Jarret has worked as a developer at Southwest Research Institute and a security consultant at Denim Group before moving to Rackspace.&lt;br /&gt;
* [https://github.com/jfwood John Wood] is a developer on the Barbican project. John is a senior developer at Rackspace. John has worked on enterprise systems at Southwest Research Institute, 360Commerce (now Oracle Retail) and Nationwide. Prior to that he developed firmware for telecommunications and signal processing applications.&lt;br /&gt;
* [https://github.com/dmend Douglas Mendizabal] is a developer on the Barbican project.  Doug joined Rackspace earlier this year, where he contributed to Project Meniscus before joining the Barbican team.  Prior to joining Rackspace, Doug was a secure software development consultant at Denim Group where he helped development of web apps, mobile apps, and web services in various different languages.&lt;br /&gt;
* [https://github.com/reaperhulk Paul Kehrer] is our crypto expert on the Barbican project. He has experience running a public certificate authority as well as doing significant open source work in cryptography by writing and maintaining [https://github.com/r509/r509 r509], a ruby library for managing a certificate infrastructure and [https://github.com/pyca/cryptography cryptography], a modern python crypto library.&lt;br /&gt;
* [https://github.com/jmvrbanac John Vrbanac] is our test lead on the Barbican effort. John's background is primarily in enterprise software development. Before joining Rackspace and the Barbican effort, John was a lead developer for Pearson on their flagship online testing platform. Recently, he has been contributing to the open-source world through the writing and maintaining of [https://github.com/jmvrbanac/specter Specter], a code-centric Python BDD framework, as well as contributing to projects such as: [https://github.com/zinic/pynsive Pynsive], [https://github.com/borisyankov/DefinitelyTyped DefinitelyTyped], and the [http://developer.ubuntu.com/api/qml/sdk-1.0/ Ubuntu API website].&lt;br /&gt;
* [https://github.com/chadlung Chad Lung] is a developer on the Barbican project. Chad previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and [http://atomhopper.org/ Atom Hopper]. Chad joined Rackspace in 2011. Previously he worked for Pearson.&lt;br /&gt;
* [https://github.com/stevendgonzales Steven Gonzalez] is a developer on the Barbican project. Steven previously worked on [https://github.com/ProjectMeniscus/meniscus Project Meniscus] (a logging service) and joined Rackspace in 2013. Previously he worked at UTSA.&lt;br /&gt;
&lt;br /&gt;
== Infrastructure Requirements ==&lt;br /&gt;
Barbican is currently on StackForge using Gerrit and Jenkins to run the unit test suite and flake8. An integration and testing environment are set up on Rackspace public cloud. In addition to the Cloud environments, Barbican has two staging environments with physical servers and HSMs for testing integration and replication use cases.&lt;br /&gt;
&lt;br /&gt;
== Tasks for Incubation (Barbican was incubated on March 10, 2014) ==&lt;br /&gt;
The following are tasks for Barbican that have been brought up as part of the incubation process as well as some changes that we felt were in the spirit of incubation.&lt;br /&gt;
&lt;br /&gt;
===  Barbican ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64468/ Review]] Move to global requirements&lt;br /&gt;
# [[https://review.openstack.org/#/c/60551/ Review]] Move Barbican to pbr&lt;br /&gt;
# [[https://review.openstack.org/#/c/60427/ Review]] Use oslo.messaging instead of celery&lt;br /&gt;
# [[https://review.openstack.org/#/c/74530 Review]] Set up a basic devstack-gate job (https://review.openstack.org/#/c/57098/)&lt;br /&gt;
# [[https://review.openstack.org/#/c/69512/ Review]] Move to supporting testr&lt;br /&gt;
&lt;br /&gt;
=== python-barbicanclient ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64573/ Review]] Rename command line client to barbican to be more in line with rest of openstack&lt;br /&gt;
# [[https://review.openstack.org/#/c/64851/ Review]] Migrate python-barbicanclient to pbr&lt;br /&gt;
# [[https://github.com/stackforge/python-barbicanclient GitHub] / [https://review.openstack.org/#/q/status:merged+project:stackforge/python-barbicanclient,n,z Gerrit] / [https://review.openstack.org/#/c/60101 Review]] Move python-barbicanclient repository to stackforge&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47523</id>
		<title>Barbican/Incubation</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Incubation&amp;diff=47523"/>
				<updated>2014-04-02T19:40:45Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Tasks for Incubation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Project Codename ==&lt;br /&gt;
[http://en.wikipedia.org/wiki/Barbican Barbican]&lt;br /&gt;
&lt;br /&gt;
== Trademarks ==&lt;br /&gt;
There are no other parts of the Barbican project that will be part of OpenStack.&lt;br /&gt;
&lt;br /&gt;
== Summary ==&lt;br /&gt;
Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds.&lt;br /&gt;
&lt;br /&gt;
== Mission Statement == &lt;br /&gt;
To produce an OpenStack key management API that simplifies the creation, management and use of keying material for encryption purposes. We plan to achieve this by creating and maintaining a Python service, libraries and documentation as well as working with other OpenStack projects to enable encryption features for their customers and internal infrastructure.&lt;br /&gt;
&lt;br /&gt;
== Detailed Description ==&lt;br /&gt;
The current state of key management is atrocious. While Windows does have some decent options through the use of the Data Protection API (DPAPI) and Active Directory, Linux lacks a cohesive story around how to manage keys for application use.&lt;br /&gt;
&lt;br /&gt;
Barbican was designed to solve this problem. The system was motivated by internal Rackspace needs, requirements from OpenStack and a realization that the current state of the art could use some help.&lt;br /&gt;
&lt;br /&gt;
Barbican will handle many types of secrets, including:&lt;br /&gt;
&lt;br /&gt;
* Symmetric Keys - Used to perform reversible encryption of data at rest, typically using the AES algorithm set. This type of key is required to enable features like [http://www.openstack.org/software/openstack-storage/ encrypted Swift containers and Cinder volumes], [http://www.rackspace.com/cloud/backup/ encrypted Cloud Backups], [https://wiki.openstack.org/wiki/MessageSecurity Message Signing], etc.&lt;br /&gt;
* Asymmetric Keys - Asymmetric key pairs (sometimes referred to as public / private keys) are used in many scenarios where communication between untrusted parties is desired. The most common case is with SSL/TLS certificates, but also is used in solutions like SSH keys, S/MIME (mail) encryption and digital signatures.&lt;br /&gt;
* Raw Secrets - Barbican stores secrets as a base64 encoded block of data (encrypted, naturally). Clients can use the API to store any secrets in any format they desire. The Postern agent is capable of presenting these secrets in various formats to ease integration.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For the symmetric and asymmetric key types, Barbican supports full lifecycle management including provisioning, expiration, reporting, etc. A plugin system allows for multiple certificate authority support (including public and private CAs).&lt;br /&gt;
&lt;br /&gt;
== Scope ==&lt;br /&gt;
Barbican plans to address issues related to the key management process. This includes key generation, lifecycle management and revocation as well as ancillary services like auditing, logging and compliance concerns. We plan to support a variety of key types include symmetric keys (e.g. AES) and various asymmetric keys including RSA / DSA / ECC keys for use with SSL/TLS, SSH and signing. Additionally, Barbican provides pluggable interfaces to use specialized Hardware Security Modules (HSMs) to provide additional security and compliance as well as a strong source of randomness.  &lt;br /&gt;
&lt;br /&gt;
=== Deliverables ===&lt;br /&gt;
The Barbican project will produce two deliverables:&lt;br /&gt;
# barbican - Python ReST API for performing key management&lt;br /&gt;
# python-barbicanclient - A python library providing access to features of the Barbican API&lt;br /&gt;
&lt;br /&gt;
== Roadmap ==&lt;br /&gt;
Barbican has been participating in the OpenStack release toolchain for the Havana cycle. Our blueprints and milestones can be seen in [https://launchpad.net/barbican Launchpad]. As a result, we have completed our MVP set of functionality which is detailed below along with our future plans. &lt;br /&gt;
&lt;br /&gt;
In the long term, we see most OpenStack services depending on Barbican to deliver encryption services. In addition, we see customers of an OpenStack cloud also relying directly on Barbican for secret provisioning and storage. We see potential integrations in the following areas:&lt;br /&gt;
&lt;br /&gt;
* Encryption at Rest: Nova, Cinder, Trove, Ironic, Glance, Swift, Marconi, Savannah&lt;br /&gt;
* Key Distribution / Management: Nova, Keystone, Neutron, Heat&lt;br /&gt;
* Signing / Data Verification: Oslo, Marconi&lt;br /&gt;
* Encryption in Flight: Any systems that use SSL, but especially systems that spin resources that need transport protection like Trove or Savannah&lt;br /&gt;
&lt;br /&gt;
=== Havana (1.0) ===&lt;br /&gt;
These features are all complete.&lt;br /&gt;
&lt;br /&gt;
* API support for CRUD of secrets&lt;br /&gt;
* API support for certificate / key creation requests (orders)&lt;br /&gt;
* Chef infrastructure for configuration management&lt;br /&gt;
* RBAC support&lt;br /&gt;
* Crypto plugin model for Hardware Security Module (HSM) support&lt;br /&gt;
* 'Dev' plugin for a crypto backend (in place of HSM)&lt;br /&gt;
* python-barbicanclient python library&lt;br /&gt;
* keep command line client (part of python-barbicanclient)&lt;br /&gt;
&lt;br /&gt;
=== Icehouse ===&lt;br /&gt;
* Boot verification support (use for transparent disk encryption)&lt;br /&gt;
* Support for [https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes transparent encryption for Cinder volumes]&lt;br /&gt;
* KIMP backend support (based on a third-party library contribution)&lt;br /&gt;
* KDS service for [https://wiki.openstack.org/wiki/MessageSecurity message signing]&lt;br /&gt;
* Support for provisioning SSL/TLS certificates from public CAs (plugin based, Symantec CAs first)&lt;br /&gt;
* Support API for [https://fedorahosted.org/certmonger/ certmonger] tool&lt;br /&gt;
* Backend support for Dogtag (based on third party contributions)&lt;br /&gt;
* Support for [https://wiki.openstack.org/wiki/Swift/server-side-enc object encryption in swift] (third party contributions)&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
* Provisioning SSL/TLS from internal CAs&lt;br /&gt;
* Support for the Microsoft CA infrastructure&lt;br /&gt;
* Support for DEK storage in HSM&lt;br /&gt;
* Advanced auditing, logging and reporting&lt;br /&gt;
* Compliance with various regimes including PCI, HIPAA, SOX, etc. Possibly FIPS / FISMA&lt;br /&gt;
&lt;br /&gt;
== Project Resources ==&lt;br /&gt;
* Server Source Code: https://github.com/stackforge/barbican&lt;br /&gt;
* Client Source Code: https://github.com/cloudkeep/python-barbicanclient&lt;br /&gt;
* Language: [http://www.python.org/ Python]&lt;br /&gt;
* License: [https://github.com/stackforge/barbican/blob/master/LICENSE Apache 2.0]&lt;br /&gt;
&lt;br /&gt;
== Team ==&lt;br /&gt;
The following are the team members currently working on Barbican. In addition to this list, the community has contributed code, documentation, architectural review and other support. These include representatives from Rackspace, HP, RedHat, Nebula and more. All members below have signed the OpenStack CLA prior to writing any Barbican code.&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/jarretraim Jarret Raim] is the proposed technical lead. Jarret is the Cloud Security Product Manager at Rackspace and is in charge of the Barbican effort. Jarret did security research as part of his undergraduate and graduate work. Since graduating, Jarret has worked as a developer at Southwest Research Institute and a security consultant at Denim Group before moving to Rackspace.&lt;br /&gt;
* [https://github.com/jfwood John Wood] is a developer on the Barbican project. John is a senior developer at Rackspace. John has worked on enterprise systems at Southwest Research Institute, 360Commerce (now Oracle Retail) and Nationwide. Prior to that he developed firmware for telecommunications and signal processing applications.&lt;br /&gt;
* [https://github.com/dmend Douglas Mendizabal] is a developer on the Barbican project.  Doug joined Rackspace earlier this year, where he contributed to Project Meniscus before joining the Barbican team.  Prior to joining Rackspace, Doug was a secure software development consultant at Denim Group where he helped development of web apps, mobile apps, and web services in various different languages.&lt;br /&gt;
* [https://github.com/reaperhulk Paul Kehrer] is our crypto expert on the Barbican project. He has experience running a public certificate authority as well as doing significant open source work in cryptography by writing and maintaining [https://github.com/r509/r509 r509], a ruby library for managing a certificate infrastructure and [https://github.com/pyca/cryptography cryptography], a modern python crypto library.&lt;br /&gt;
* [https://github.com/jmvrbanac John Vrbanac] is our test lead on the Barbican effort. John's background is primarily in enterprise software development. Before joining Rackspace and the Barbican effort, John was a lead developer for Pearson on their flagship online testing platform. Recently, he has been contributing to the open-source world through the writing and maintaining of [https://github.com/jmvrbanac/specter Specter], a code-centric Python BDD framework, as well as contributing to projects such as: [https://github.com/zinic/pynsive Pynsive], [https://github.com/borisyankov/DefinitelyTyped DefinitelyTyped], and the [http://developer.ubuntu.com/api/qml/sdk-1.0/ Ubuntu API website].&lt;br /&gt;
* [https://github.com/chadlung Chad Lung] is a developer on the Barbican project. Chad previously worked on Project Meniscus (a logging service) and Atom Hopper. Chad joined Rackspace in 2011. Previously he worked for Pearson.&lt;br /&gt;
* [https://github.com/stevendgonzales Steven Gonzalez] is a developer on the Barbican project. Steven previously worked on Project Meniscus (a logging service) and joined Rackspace in 2013. Previously he worked at UTSA.&lt;br /&gt;
&lt;br /&gt;
== Infrastructure Requirements ==&lt;br /&gt;
Barbican is currently on StackForge using Gerrit and Jenkins to run the unit test suite and flake8. An integration and testing environment are set up on Rackspace public cloud. In addition to the Cloud environments, Barbican has two staging environments with physical servers and HSMs for testing integration and replication use cases.&lt;br /&gt;
&lt;br /&gt;
== Tasks for Incubation (Barbican was incubated on March 10, 2014) ==&lt;br /&gt;
The following are tasks for Barbican that have been brought up as part of the incubation process as well as some changes that we felt were in the spirit of incubation.&lt;br /&gt;
&lt;br /&gt;
===  Barbican ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64468/ Review]] Move to global requirements&lt;br /&gt;
# [[https://review.openstack.org/#/c/60551/ Review]] Move Barbican to pbr&lt;br /&gt;
# [[https://review.openstack.org/#/c/60427/ Review]] Use oslo.messaging instead of celery&lt;br /&gt;
# [[https://review.openstack.org/#/c/74530 Review]] Set up a basic devstack-gate job (https://review.openstack.org/#/c/57098/)&lt;br /&gt;
# [[https://review.openstack.org/#/c/69512/ Review]] Move to supporting testr&lt;br /&gt;
&lt;br /&gt;
=== python-barbicanclient ===&lt;br /&gt;
# [[https://review.openstack.org/#/c/64573/ Review]] Rename command line client to barbican to be more in line with rest of openstack&lt;br /&gt;
# [[https://review.openstack.org/#/c/64851/ Review]] Migrate python-barbicanclient to pbr&lt;br /&gt;
# [[https://github.com/stackforge/python-barbicanclient GitHub] / [https://review.openstack.org/#/q/status:merged+project:stackforge/python-barbicanclient,n,z Gerrit] / [https://review.openstack.org/#/c/60101 Review]] Move python-barbicanclient repository to stackforge&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47520</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47520"/>
				<updated>2014-04-02T19:36:21Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47475</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=47475"/>
				<updated>2014-04-02T16:17:03Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/stackforge/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47168</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47168"/>
				<updated>2014-03-31T21:04:23Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
The plan is to have something generic enough that plugins can be created for numerous certificate authority back ends like [http://www.symantec.com/page.jsp?id=ssl-information-center Symantec], [http://pki.fedoraproject.org/wiki/PKI_Main_Page Dogtag], etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new and modifying existing certificates would live inside of the plugins.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
''This is a work in progress''&lt;br /&gt;
&lt;br /&gt;
* Barbican would need to modified to allow for plugins to be called based upon order types&lt;br /&gt;
* Investigate how alerts should be dispatched and build that piece accordingly&lt;br /&gt;
* See the [https://wiki.openstack.org/wiki/Barbican/Blueprints/ssl-certificates#References references section] for additional blueprints that this work would be dependent on&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/dogtag-plugin&amp;diff=47167</id>
		<title>Barbican/Blueprints/dogtag-plugin</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/dogtag-plugin&amp;diff=47167"/>
				<updated>2014-03-31T21:02:08Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/dogtag-plugin&lt;br /&gt;
* '''Created''': 16-Jan-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': John Wood, Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, Ade Lee, Endi Dewata&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint is for creating a Barbican crypto plugin so that Barbican deployments can use the RedHat DogTag Data Recovery Manager (DRM) as a key management back-end.&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
To support a RedHat DRM as a key management back-end, changes will be needed relative to 2 main workflows:&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Creating a secret&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:CreateSecretUsingDogTagPlugin.png|none|center|Create Secret using DogTag Plugin]]&lt;br /&gt;
:NOTE: Between Barbican and DRM will be the DogTag plugin to integrate with DRM.&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Retrieving a secret&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:SecretRetrievalWorkflow.png|none|center|Retrieving a Secret using DogTag Plugin]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* python-barbicanclient&lt;br /&gt;
# Modify to support retrieving a transport key for encryption and decryption between Barbican client and Barbican&lt;br /&gt;
# Generate a session key for the lifespan of the transaction to encrypt data sent and decrypt data received&lt;br /&gt;
# Allow clients to optionally provide a passphrase, else self generate.&lt;br /&gt;
# Decrypt the retrieved secret using the session encrypted passphrase.&lt;br /&gt;
&lt;br /&gt;
* Barbican &lt;br /&gt;
# API&lt;br /&gt;
## New resource to retrieve a transport key and to use the crypto plugin to retrieve a transport key&lt;br /&gt;
## Initial setup: During installation of a DogTag DRM, a user and certificate is created and the public cert is available for use in Barbican&lt;br /&gt;
## Config changes to support configuration specific to DogTag Plugin&lt;br /&gt;
# Crypto Plugin interface&lt;br /&gt;
## modify create() method to return the encrypted datum (vs the current raw data).  It should have the same return contract as the encrypt() method (i.e. the secret generation and the secret encryption operations will be combined).&lt;br /&gt;
## new method() to return a transport key&lt;br /&gt;
# Dev Plugin &lt;br /&gt;
## Modify to support different contract behavior on create()&lt;br /&gt;
# DogTag Crypto Plugin&lt;br /&gt;
## abstraction layer for the DogTag Python library&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/dogtag-plugin Blueprint]&lt;br /&gt;
&lt;br /&gt;
[2] [https://github.com/stackforge/barbican Barbican on Github]&lt;br /&gt;
&lt;br /&gt;
[3] [https://github.com/stackforge/python-barbicanclient Python Barbican Client on Github]&lt;br /&gt;
&lt;br /&gt;
[4] [http://pki.fedoraproject.org/wiki/PKI_Main_Page RedHat DogTag]&lt;br /&gt;
&lt;br /&gt;
[5] [http://pki.fedoraproject.org/wiki/REST DogTag REST]&lt;br /&gt;
&lt;br /&gt;
[6] [http://pki.fedoraproject.org/wiki/Using-the-Python-Key-Client Using the Python Key Client]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47166</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47166"/>
				<updated>2014-03-31T20:58:16Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Proposed Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
The plan is to have something generic enough that plugins can be created for numerous certificate authority back ends like [http://www.symantec.com/page.jsp?id=ssl-information-center Symantec], [http://pki.fedoraproject.org/wiki/PKI_Main_Page Dogtag], etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new, revocation and modifying existing certificates would live inside of the plugins.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
''This is a work in progress''&lt;br /&gt;
&lt;br /&gt;
* Barbican would need to modified to allow for plugins to be called based upon order types&lt;br /&gt;
* Investigate how alerts should be dispatched and build that piece accordingly&lt;br /&gt;
* See the [https://wiki.openstack.org/wiki/Barbican/Blueprints/ssl-certificates#References references section] for additional blueprints that this work would be dependent on&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47165</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47165"/>
				<updated>2014-03-31T20:57:35Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Proposed Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
The plan is to have something generic enough that plugins can be created for numerous certificate authority back ends like [http://www.symantec.com/page.jsp?id=ssl-information-center Symantec], [http://pki.fedoraproject.org/wiki/PKI_Main_Page Dogtag], etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new, revocation and modifying existing certificates would live inside of the plugins.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
''This is a work in progress''&lt;br /&gt;
&lt;br /&gt;
* Barbican would need to modified to allow for plugins to be called based upon order types&lt;br /&gt;
* Investigate how alerts should be dispatched and build that piece accordingly&lt;br /&gt;
* See the references section for additional blueprints that this work would be dependent on&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47163</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47163"/>
				<updated>2014-03-31T20:54:33Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
The plan is to have something generic enough that plugins can be created for numerous certificate authority back ends like [http://www.symantec.com/page.jsp?id=ssl-information-center Symantec], [http://pki.fedoraproject.org/wiki/PKI_Main_Page Dogtag], etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new, revocation and modifying existing certificates would live inside of the plugins.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
'''TODO'''&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47162</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47162"/>
				<updated>2014-03-31T20:51:25Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
The plan is to have something generic enough that plugins can be created for numerous certificate authority backends like [http://www.symantec.com/page.jsp?id=ssl-information-center Symantec], [http://pki.fedoraproject.org/wiki/PKI_Main_Page Dogtag], etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new and modifying existing certificates would live inside of the plugin. &lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
'''TODO'''&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47140</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47140"/>
				<updated>2014-03-31T19:04:51Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
'''TODO'''&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47138</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47138"/>
				<updated>2014-03-31T19:02:50Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Proposed Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''TODO'''&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
'''TODO'''&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47137</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47137"/>
				<updated>2014-03-31T19:02:36Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''TODO'''&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47135</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47135"/>
				<updated>2014-03-31T19:00:53Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Dependent Blueprint: Add more types to the orders resource ]&lt;br /&gt;
&lt;br /&gt;
[3] [https://blueprints.launchpad.net/barbican/+spec/support-rsa-key-store-generation Dependent Blueprint: Support RSA key store/generation ]&lt;br /&gt;
&lt;br /&gt;
[4] [https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container Dependent Blueprint: Implement Containers for Secrets ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47134</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47134"/>
				<updated>2014-03-31T18:55:51Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Blueprint: Add more types to the orders resource ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47133</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47133"/>
				<updated>2014-03-31T18:53:59Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 31-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
This work is dependent on another blueprint [2] &amp;quot;Add more types to the orders resource&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Blueprint: Add more types to the orders resource ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47132</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47132"/>
				<updated>2014-03-31T18:47:42Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 27-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint: Add SSL CA Support]&lt;br /&gt;
&lt;br /&gt;
[2] [https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types Blueprint: Add more types to the orders resource ]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47130</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47130"/>
				<updated>2014-03-31T18:33:27Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 27-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''Common Statuses'''&lt;br /&gt;
* '''Pending''' (not issued, not error)&lt;br /&gt;
* '''Error''' (not fatal, fixable)&lt;br /&gt;
* '''Failure''' (fatal error)&lt;br /&gt;
* '''Success''' (order complete)&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47126</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47126"/>
				<updated>2014-03-31T18:28:05Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 27-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Update Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Update-generic.png|none|center|Certificate Authority Update Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Update-generic.png&amp;diff=47125</id>
		<title>File:Update-generic.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Update-generic.png&amp;diff=47125"/>
				<updated>2014-03-31T18:25:39Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: Update Flow&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Update Flow&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47122</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47122"/>
				<updated>2014-03-31T18:18:39Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 27-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Poll-generic.png&amp;diff=47121</id>
		<title>File:Poll-generic.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Poll-generic.png&amp;diff=47121"/>
				<updated>2014-03-31T18:18:05Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: Chad Lung uploaded a new version of &amp;amp;quot;File:Poll-generic.png&amp;amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Poll Flow&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47120</id>
		<title>Barbican/Blueprints/ssl-certificates</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints/ssl-certificates&amp;diff=47120"/>
				<updated>2014-03-31T18:14:10Z</updated>
		
		<summary type="html">&lt;p&gt;Chad Lung: /* Description */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;* '''Launchpad Entry''': https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support&lt;br /&gt;
* '''Created''': 27-Mar-2014&lt;br /&gt;
* '''Updated''': 27-Mar-2014&lt;br /&gt;
* '''Contributors''': Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzalez, John Vrbanac&lt;br /&gt;
&lt;br /&gt;
== Abstract ==&lt;br /&gt;
&lt;br /&gt;
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through [https://github.com/stackforge/barbican Barbican].&lt;br /&gt;
&lt;br /&gt;
== Description ==&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Order-generic.png|none|center|Certificate Authority Order Flow]]&lt;br /&gt;
&lt;br /&gt;
'''&amp;lt;big&amp;gt;Certificate Authority Order Flow&amp;lt;/big&amp;gt;'''&lt;br /&gt;
&lt;br /&gt;
[[File:Poll-generic.png|none|center|Certificate Authority Poll Flow]]&lt;br /&gt;
&lt;br /&gt;
== Proposed Changes ==&lt;br /&gt;
&lt;br /&gt;
TODO&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
[1] [https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support Blueprint]&lt;/div&gt;</summary>
		<author><name>Chad Lung</name></author>	</entry>

	</feed>