Flock has ended
Sunday, August 11 • 11:00am - 11:50am
PKI Made Easy: Managing Certificates With Dogtag

Dogtag is the community upstream project for the Red Hat Certificate System, an enterprise Public Key Infrastructure (PKI) implementation used by the largest PKI deployments in the world. Dogtag encompasses the full lifecycle of certificate management: certificate issuance, publishing and revocation, generation of CRLs and OCSP responses, key escrow, and smart token management. It's also used for certificate management in FreeIPA.
In the latest version of Dogtag, a new RESTful interface has been added, leveraging the RESTEasy framework. This new API makes it simple to install and write clients to interact with Dogtag servers to perform certificate operations.
In addition, the Data Recovery Manager (DRM), the Dogtag subsystem that is used to securely escrow private data encryption keys, was enhanced to be able to store secrets of any type - such as symmetric keys (like data encryption keys) and passwords. This ability is also exposed through REST resources. There is an active collaboration with CloudKeep to use the DRM as the backend storage for a cloud-wide secret storing server.
In this talk, we'll introduce Dogtag, describe the interface and show how to write Java and Python clients. We'll also talk about current integration efforts (FreeIPA and CloudKeep), and future plans for expanding the REST API.

Speakers
Ade Lee

Principal Software Engineer, Red Hat Project Lead - Dogtag Certificate System, Red Hat
Ade works for Red Hat, and has been involved in Dogtag development (and its integration into FreeIPA) for a number of years now. Most recently, he has worked to integrate Dogtag and FreeIPA with OpenStack, becoming a core contributor to the Barbican project.


Sunday August 11, 2013 11:00am - 11:50am EDT
ECTR 112