Difference between revisions of "Barbican/Blueprints/dogtag-plugin"

Revision as of 23:25, 16 January 2014

Launchpad Entry: https://blueprints.launchpad.net/barbican/+spec/dogtag-plugin
Created: 16-Jan-2014
Updated: 16-Jan-2014
Contributors: John Wood, Chad Lung, Doug Mendizabal, Lisa Clark, Taz El-Kikhia, Ade Lee, Endi Dewata

Abstract

This blueprint is for creating a Barbican crypto plugin so that Barbican deployments can use the RedHat DogTag Data Recovery Manager (DRM) as a key management back-end.

Description

To support a RedHat DRM as a key management back-end, changes will be needed relative to 2 main workflows:

Creating a secret

NOTE: Between Barbican and DRM will be the DogTag plugin to integrate with DRM.

Retrieving a secret

Proposed Changes

Crypto Plugin interface

modify create() method to return the encrypted datum (vs the current raw data). It should have the same return contract as the encrypt() method (i.e. the secret generation and the secret encryption operations will be combined).

python-barbicanclient

Modify to support a transport key with the Barbican

Barbican

New resource to retrieve a transport key

References

[1] Blueprint [2] [3]

@@ Line 16: / Line 16: @@
 # Retrieving a secret
 [[File:SecretRetrievalWorkflow.png|none|center|Retrieving a Secret using DogTag Plugin]]
+== Proposed Changes ==
+* Crypto Plugin interface
+# modify create() method to return the encrypted datum (vs the current raw data).  It should have the same return contract as the encrypt() method (i.e. the secret generation and the secret encryption operations will be combined).
+* python-barbicanclient
+# Modify to support a transport key with the Barbican
+* Barbican
+# New resource to retrieve a transport key
 == References ==
-[1]
+[1] [https://blueprints.launchpad.net/barbican/+spec/dogtag-plugin Blueprint]
 [2]
 [3]
-----
-[[Category:Spec]]