river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sim IJskes - QCG <...@qcg.nl>
Subject Re: Application Code Auditing & Signing Area
Date Mon, 18 Jan 2010 10:32:15 GMT
Sim IJskes - QCG wrote:
> So in practice i foresee the following. There is a central deployment 
> source for code & rootcerts. 1 rootcert identifies the deployment 
> cloud/cluster/environment. Every node identifies itself by a indiviual 
> cert signed by this rootcert. There is a cert generation facility 
> running on the central deployment source, that allows for generation of 
> new certs based on a cert request, signed with a external 
> identification. The cert generation facility accepts this request either 
> implicitly or by some other external verification.

And this central deployment facility with own rootcert is run by anybody 
who wants to source executable code, either by beeing the author or by 
beeing a clearing house for code vetting.

Gr. Sim

-- 
QCG, Software voor het MKB, 071-5890970, http://www.qcg.nl
Quality Consultancy Group b.v., Leiderdorp, Kvk Leiden: 28088397

Mime
View raw message