Forum: CFEngine Help
Subject: Re: Thoughts of encrypting the entire Cfengine workspace?
Author: Ed
Link to topic: https://cfengine.com/forum/read.php?3,25714,25723#msg-25723

Integrating WebID would be a nice way to serve machine-specific policies in a controlled fashion.
http://www.w3.org/wiki/WebID

If you review the WebID list you can find that as a method it can be applied as authentication on a wide variety of digital transactions.

Looks like a transactional form of CFengine is needed.

Client at boot gets key from local DNSSEC to open encrypted partition /var/cfengine
Server breaks out all promise potential (graph) aka REST
Client server handshake with WebID informs server of specific promise set needed by client
Server serves up appropriate promises to client on encrypted /var/cfengine

If client is lost to the org, remove the WebID and CFengine promises are minimally compromised?

But then I use CFengine on laptops too...

For runtime, I think you're going to have to look at SELinux - a promise maybe, but that breaks the non-Linux systems.