Java 7 update security changes
Robert J. Hanisch
hanisch at stsci.edu
Thu Jan 16 06:31:53 PST 2014
VO India has agreed to take on the IVOA document repository. This sounds
like it would be a minor addition to their responsibilities.
Bob
On 1/16/14 4:53 AM, "Norman Gray" <norman at astro.gla.ac.uk> wrote:
>
>Laurent, hello.
>
>On 2014 Jan 16, at 08:39, Laurent Bourgès <bourges.laurent at gmail.com>
>wrote:
>
>> Is is possible that IVOA provides one single trusted certificate to VO
>> application deployers ?
>>
>> Doing so, a single organisation (=IVOA) will pay the trusted
>> certificate (to global sign for example) ~ few hundred dollars (=563$
>> for 3 years) !
>
>That's an interesting thought.
>
>That would require (if I understand you) distributing such a certificate
>and its password in a fairly unrestricted way. It's possible, I suppose,
>that this would be against the terms of issue of such a certificate
>(though I haven't checked).
>
>An alternative model, which goes more with the grain of how certificates
>are expected to be used, would be to give such a certificate to the IVOA
>document librarian -- this is currently Sarah, but if I recall correctly
>Caltech are hoping to pass this on to another organisation. The
>librarian could then sign the application and turn it round with the same
>sort of timescale as when one submits documents to ivoa.net/Documents.
>
>This needn't be an elaborate process, since the librarian is probably at
>least acquainted with all of the VO developers who'd be wanting
>applications signed. It would add a final 1--2 day delay to the release
>of a new application version, but that presumably happens sufficiently
>rarely that it's bearable.
>
>All the best,
>
>Norman
>
>
>--
>Norman Gray : http://nxg.me.uk
>SUPA School of Physics and Astronomy, University of Glasgow, UK
>
More information about the apps
mailing list