From: Andreas B. <ab...@an...> - 2012-07-18 15:35:03
|
Am 18.07.2012 11:44, schrieb ejbca-support: > On 2012-07-18 11:28, Andreas Bürki wrote: >> Anders, >> >> Why not PrimeKey offering such a "Cloud Service"? - No audit, no user >> verification needed, no pain, just the plain CA in the sky... > > Well, we actually do this to some extent but a technology provider > should also be a bit cautious about competing with their customers... > > The largest EJBCA-powered "CA in the Sky" is probably the Swedish BankID > where a number of banks have outsourced the "Certificate Factory" to > another party (BankGiroCentralen) so this concept is well established. > I.e. the BankID member banks are RAs for their customers. Ah, I see, BankGiroCentralen is something like SIX Group in CH (owned by Swiss banks. They offer as well PKI services to Swss banks (have no idea, what PKI system it is) Hint: http://www.six-interbank-clearing.com/tkicch_index/tkicch_home/tkicch_onswissinterbankclearing/tkicch_news_mediareleases/tkicch_media_zkbdatalink.htm?printout=1 -> is part of six-group.com > The only "fly in the soup" is that enrolling smart cards using a cloud > CA is not particularly straightforward. Therefore BankID is only > able to enroll "soft tokens" directly to end-users. Hard tokens > require physical distribution of tokens and have thus never gotten > very big. If distribution is the problem I doubt, as banks send random number generators (little plastic thing) to every on-line banking customer as well. Maybe the costs of hard tokens are too high. Cheeers, Andreas > > Anders > >> >> Just my 2 Rappen >> >> >> Cheers, Andreas >> >> Am 18.07.2012 08:05, schrieb ejbca-support: >>> Hans, >>> There is another option to consider as well. >>> >>> If you are targeting an external market of employee/member certificates >>> you could run the CA as a "Cloud Service" where external administrators >>> perform the the actual RA tasks. Then your work is limited to running >>> a secure service; not verifying that people are what they claim to be :-) >>> >>> Just my 2 öres >>> >>> Anders >>> PrimeKey tech support >>> >>> On 2012-07-17 23:14, Hans Witvliet wrote: >>>> Hi Tomas, Martin, andreas, Tham, rshad and all others... >>>> >>>> Yes, i think i've got the rough picture. >>>> >>>> >From a hardware/software p.o.v. its complication compares with a >>>> telephone exchange, (between singe server and datacenter full of >>>> equipment) >>>> >>>> @Tomas: no i don't underestimate the costs of an HSM, but these are >>>> well-known expensive, but you get value/safety for money. >>>> otoh the amount of hours needed for a project is (from what i know) >>>> always vastly under estimated. With the well known end results: >>>> - unfinished projects >>>> - going over budget >>>> - unpaid overtime. >>>> >>>> At least now i'm convinced that if it comes this far, i'll not be >>>> tempted to give estimations myself (towards a customer), but leave that >>>> to someone more experienced in managing projects. >>>> >>>> thank you all very much indeed. >>>> >>>> Hans >>>> >>>> ------------------------------------------------------------------------------ >>>> Live Security Virtual Conference >>>> Exclusive live event will cover all the ways today's security and >>>> threat landscape has changed and how IT managers can respond. Discussions >>>> will include endpoint security, mobile security and the latest in malware >>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejb...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > -- Andreas Bürki E-Mail: ab...@an... Zertifikat - SHA1-Fingerprint: 54:99:02:5F:60:CE:7A:27:0E:73:79:24:CA:C7:A0:CC:60:39:05:9F |