[Freeipa-devel] cert-find design
Simo Sorce
simo at redhat.com
Thu Nov 15 15:16:38 UTC 2012
On Thu, 2012-11-15 at 09:54 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
> >> There is currently no way to search for a certificate. You can only look
> >> it up if you already know the serial number.
> >>
> >> Dogtag 10 has a fresh API which makes searching very easy. I've started
> >> designing a search interface here: http://freeipa.org/page/Cert_find
> >>
> >> Comments welcome.
> >
> > Can you move it under V3/? That's where we agreed to put new designs for
> > the v3 series.
>
> Fixed.
>
> >
> >> I was able to create a proof-of-concept (minus date options) using this
> >> API in about 90 minutes.
> >
> > Great!
> >
> > Question, how is authentication done ?
> > Or is this all public information that can be freely obtained
> > anonymously ?
> > Or will we provide access control in the IPA API and let the dogtag REST
> > interface be available only on localhost ?
>
> IMHO issued certificates are public, no point in adding a
> role/permissions to protect the search of them.

Well I bet some people will want that anyway :-)
But we can defer closing down till we get RFEs for that.

> The dogtag port is 8080 for this which I believe one doesn't need to
> open in the firewall, so only authenticated IPA users would have access.

ok, good to know

Simo.

--
Simo Sorce * Red Hat, Inc * New York