
Project Information:template OpenSign Server Project - 50 Review - Self Evaluation - A


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP OpenSign Server Project's Deliveries & Objectives

QUESTIONS AND ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please give examples by writing down those that have not been realised.

The Certification Authority functionality, including a web interface as well as a web-service one, has been realised. It is possible to generate X.509 hierarchies where each public key is easily accessible to anyone who intends to use it. Furthermore, a Java client application allows the certificate download, the posting of a PKCS10 certificate signing request in order to obtain a new certificate, and the certificate chain verification.

Initial objectives which have not been met so far are the upload of code modules (having the server sign the modules), the use of cryptography hardware and the support for .NET signing. Furthermore, educational documentation of code signing/verifying has not been written yet. We consider that the upload of code modules as well as the usage of cryptographic hardware should not be an objective for the scope of SOC 2008. We think it is better to focus on a lightweight version of the server, which would attract a broader range of users instead of only those having sophisticated/expensive infrastructures in place.

2. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please quantify in terms of percentage.

OpenSign Server: 70%

Client Tools – OSSJClient: 80%

Documentation: 20%

3. What kind of help is required either from the Reviewers or from the OWASP Community?

No additional help is required at the moment.