[Freeipa-devel] design review: Certificate Profiles
David Kupka
dkupka at redhat.com
Fri Apr 17 05:26:55 UTC 2015
On 04/16/2015 10:03 AM, Fraser Tweedale wrote:
> Hi everyone,
>
> Please review my Certificate Profiles design proposal:
> http://www.freeipa.org/page/V4/Certificate_Profiles
>
> Let me know what is unclear, what needs expansion, and what is plain
> wrong :)
>
> The schema for storing multiple certificates for a principal is
> still being discussed but I expect it will be agreed soon, and I
> will add it to the document.
>
> I am revising the sub-CAs design proposal and it will soon be
> published for review as well.
>
> Cheers,
> Fraser
>
Hi Fraser,

I've read the design page and even though I know only a little about
Dogtag, it makes sense to me.

Just a few notes:

3.4 Retrieve profile - There was XML format twice (probably
copy-paste-forget to modify :-). I changed it; feel free to revert the
change if it was intentional.

3.5 Delete profile - IMO the profile should be deleted when the user
requests that. If the profile must be disabled before being deleted, do
it as part of the deletion.

3.6 Enable/disable profile - When a user requests enabling/disabling of
an already enabled/disabled profile, there is no need to return an error.
The user wants it to be enabled/disabled and it is, job done.

5.2.1 CLI - I would change the command to 'ipa certprofile-add' to stay
consistent with the rest of the FreeIPA commands.

--
David Kupka