Python Binding for PKIF and PKIFCMS
Status: Complete! Will be published after the release of 2.1.8.
Python is useful for a very wide range of applications, from quick administrative scripts to web pages to robust network services to high quality desktop applications. In environements where an X.509 PKI is used for user identification, data identification and data encryption, though, python is still quite difficult to use. There are few options for certification path processing, and most of what’s available focuses on the cryptography.
PKIF would be a good choice for a pythonic interface to PKI services. It runs on the most important platforms where Python does and its class hierarchy would not feel out of place in python code.
Someone interested in this as a project could start by looking at the existing swig interfaces for .Net and Java, and see how those map to python. It also would make sense to investigate Boost.Python (given PKIF’s wide use of other boost libraries) and determin whether that’s a better path to a python interface.
References
* <a href="http://www.boost.org/doc/libs/1_38_0/libs/python/doc/index.html">Boost.Python</a>
* <a href="http://www.swig.org/Doc1.3/Python.html">Swig and Python</a>
Refactor PKIF’s Mediator/Colleague interface
Status: Unclaimed
- Make all colleagues copyable
-
Enhance the ability to inspect and dynamically alter PKIF’s mediator/colleague sets with
- named colleagues
- reorderable colleagues
-
a generic serialization interface for colleagues
- ability for PKIFConfigSerialization to load/save colleagues without knowing about them
References
* <a href="http://en.wikipedia.org/wiki/Mediator_pattern">Mediator Pattern</a>
* <a href="http://pkif.sourceforge.net/pkif-docs/docs/Help/Mediator_Colleague_overview.html">Overview of Mediators and Colleagues in PKIF</a>
PKIF S/MIME
Status: Unclaimed
Using PKIFCMS, build a “PKIF S/MIME” implementation with a high-level interface for composing and sending secure mail messages. This would be particularly useful for server applications. A useful accompaniment to this would be a sendmail-compatible command line utility which only sends encrypted mail.
References
* <a href="http://tools.ietf.org/html/rfc3851">RFC 3851</a>
PKIF DSSC
Status: Partially implemented. Will be posted after the 2.1.8 release
PKIFCMS, PKIFTSP, PKIFERS and PKIFSCVP provide a strong foundation for addressing issues associated with digital signature preservation, i.e., reliance on digitial signatures over a period of many years. DSSC is a new IETF specification that enables the representation of policies that describe the security suitabilities of cryptographic algorithms. For example, a DSSC policy may indicate that a particular algorithm or cryptographic key was not fit for use at a particular point in time. A DSSC implementation would be a nice complement to PKIF’s existing support for digital signature preservation. The implementation would parse, authenticate and process DSSC policies, using existing PKIF components for authentication.
References
* <a href="http://tools.ietf.org/html/rfc3851">RFC 3851</a>
Other Ideas
Other ideas for improvement are always welcome. Feel free to tell us about them on the forums
Google Summer of Code
PKIF has been accepted into the Google Summer of Code as a mentoring organization. This means students can apply to Google for the opportunity to help us develop these ideas. If you’d like to introduce yourself, discuss these ideas, or propose new ones, please visit our discussion forum!