This is the sixth in a series of messages describing new features in Isode R14.4, scheduled to ship in April 2009.
Use of X.509 Digital Signatures for peer authentication and other security services such as signed operations and message origin authentication is an important part of Isode's product set.
A "Secure Identity" is an entity that is making use of digital signatures, and thus has an associated private key. This can be a server (M-Vault, M-Link, or M-Switch) or a client (Sodium, XUXA, X.400 Client Library, or Directory Client Library). The primary feature of a secure identity is holding a private key, and the availability of an associated Certificate for verification.
The current preferred mechanism is a PKCS#12 file. Future releases will extend this to OS Access Mechanisms (e.g., Windows CAPI) and Smart Cards (using PKCS#11). The current release enables easy generation of secure identities from Sodium, by generating a public/private key pair and a PKCS#10 CSR (Certificate Signing Request) that is passed to a CA (Certificate Authority), which will generate the Certificate. The resulting certificate may be published in the directory, and used together with the private key to construct a PKCS#12 file, which is then installed in an appropriate location.
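The key pair, PKCS#10 CSR, CA issuance and PKCS#12 steps described above can be reproduced with the OpenSSL command line, followed by a check that the finished bundle is consistent. This is an added example, not Isode or Sodium code; the throwaway test CA, the subject names, the file names and the `P12_PASS` variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: every name, subject and file path below is a constructed placeholder.
set -eu

# make_identity <dir> <common-name>; the PKCS#12 password is read from $P12_PASS
make_identity() {
    mkdir -p "$1"
    # Stand-in test CA so the example runs offline; a deployment uses its real CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # 1. Key pair for the identity; the private key never goes to the CA.
    openssl genrsa -out "$1/id.key" 2048 2>/dev/null
    chmod 600 "$1/id.key"
    # 2. PKCS#10 CSR: the public key plus subject, signed with the private key.
    openssl req -new -key "$1/id.key" -subj "/O=Example/CN=$2" -out "$1/id.csr"
    # CA side: confirm the CSR's self-signature (proof of possession) before issuing.
    openssl req -in "$1/id.csr" -noout -verify >/dev/null 2>&1
    # 3. The CA issues the certificate from the CSR.
    openssl x509 -req -in "$1/id.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/id.crt" 2>/dev/null
    # 4. Bundle certificate and private key into a password-protected PKCS#12 file.
    #    env: keeps the password out of the process argument list.
    openssl pkcs12 -export -inkey "$1/id.key" -in "$1/id.crt" \
        -certfile "$1/ca.crt" -name "$2" -passout env:P12_PASS -out "$1/id.p12"
    chmod 600 "$1/id.p12"
}

# check_identity <dir>: succeeds only if the bundle opens with $P12_PASS, its
# certificate chains to the CA, and the certificate matches the private key.
check_identity() {
    ci_cert=$(openssl pkcs12 -in "$1/id.p12" -passin env:P12_PASS \
        -clcerts -nokeys 2>/dev/null) || return 1
    ci_key=$(openssl pkcs12 -in "$1/id.p12" -passin env:P12_PASS \
        -nocerts -nodes 2>/dev/null) || return 1
    printf '%s\n' "$ci_cert" | openssl verify -CAfile "$1/ca.crt" >/dev/null 2>&1 || return 1
    ci_cert_pub=$(printf '%s\n' "$ci_cert" | openssl x509 -noout -pubkey) || return 1
    ci_key_pub=$(printf '%s\n' "$ci_key" | openssl pkey -pubout) || return 1
    unset ci_key                      # drop the decrypted key from the shell
    [ "$ci_cert_pub" = "$ci_key_pub" ]
}
```

Once the PKCS#12 file is verified, the loose `id.key` should be removed so that the password-protected bundle is the only copy of the private key.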
Isode R14.4 adds capabilities for easy GUI management of secure identities within Sodium. This includes basic capabilities to list, delete, and view secure identity information. Display of secure identity details facilitates identity selection and validation of configuration. Editing facilities would be prone to user error, so we recommend creating a new secure identity rather than modifying an existing one.
These changes will enable easy configuration and management of secure identities, which will help deployment of security services that rely on secure identity.