[Freeipa-devel] [DESIGN] Thin client

Jan Cholasta jcholast at redhat.com
Tue Apr 26 11:54:57 UTC 2016 

On 26.4.2016 13:26, Petr Spacek wrote:
> On 26.4.2016 12:28, Jan Cholasta wrote:
>> Hi,
>>
>> see <http://www.freeipa.org/page/V4/Thin_Client> for initial design of the
>> Thin client feature. The API compatibility part of the design is work in
>> progress (by me), as is the client side caching part (by David).
>>
>> Big thanks to David for actually writing most of the text in the design page.
>>
>> Comments and suggestions are welcome.
>
> In general it is good.
>
> I have two questions:
> 1) Caching
>> IPA client can cache downloaded metadata to reduce traffic and reduce start up time. IPA client can send metadata fingerprint with request. When newer metadata are available server must add warning to the response.
>
> Shouldn't it be an hard error when client sends old metadata? I do not like
> the warning because when you receive a warning it is too late to cancel the
> command.

You are right that a hard error might be better in this case. However, a 
metadata update should have no effect on the functionality of the 
command being executed, so it can very well be a warning to save the 
client a round trip to the server.

(Note that the client sends only fingerprint of the metadata.)

>
>
> 2) Client/server side plugins.
> I expect that some very special features (like client-side OTP provisioning)
> might depend particular version/range of version on the client.
>
> Will the metadata include version range which can be checked on client side to
> make sure that everything is compatible (for given command/plugin)?

No. You can't make incompatible changes to existing commands, so 
everything the client needs to know is whether the server supports the 
command or not, which is already provided in the metadata. If you *need* 
to do incompatible changes, you will have to introduce a new version of 
the command (which is basically a different command with the same name), 
but the server will still support the old version, so old clients will 
not break.

>
>
> Other than that it seems reasonable. I'm looking forward to see more details!
>


-- 
Jan Cholasta

More information about the Freeipa-devel mailing list