[Pki-devel] Request for better Dogtag 10 terminology . . .

Ade Lee alee at redhat.com
Fri May 11 15:02:23 UTC 2012 

The term "instance" makes sense in this context when we are talking
specifically about either a single tomcat or a single apache instance,
even if that instance happens to correspond to multiple subsystems.  And
this would make sense, because all of the subsystems within that
instance would be started/stopped by a single init script, and they will
share things like a password.conf file and a common nss database.

In the proposed layout though, we have the possibility of the "instance"
containing both an apache and a tomcat instance - and hence the casting
around for a new name.

Unless we plan on writing some hybrid init script, that allows us to
start/stop both apache and tomcat instances at the same time (which is
very unlikely in the near future - and probably a bad idea in any case),
maybe we should not allow the "instance" to contain both apache and
tomcat instances.  

Instead I suggest the following :

/var/lib/pki/tomcat0 (for the ca, kra, ocsp, tks)
/var/lib/pki/apache0 (for the ra, tps)

I think I like tomcat0 and apache0 rather than "default" - it makes it
clearer that this is an instance name and also the type of instance.

Ade


On Fri, 2012-05-11 at 13:25 +0530, Kashyap Chamarthy wrote:
> On 05/11/2012 07:08 AM, John Dennis wrote:
> > On 05/10/2012 08:02 PM, Matthew Harmsen wrote:
> >>     As initially stated, we would like to replace the *"[instance]"*
> >>     notation and *"PKI instance"* terminology currently used within
> >>     Dogtag 10 with something that is more descriptive and more accurate.
> >>     While several alternatives have already been suggested, none have
> >>     gained wide-spread acceptance:
> > 
> > Actually I think the term "instance" is descriptive and accurate, it makes perfect sense
> > to me in the context of how it's being used. 
> 
> Agreed.
> 
> Terms like cluster, domain, realm, group,
> > etc. have so many other connotations I think it would be more confusing because it implies
> > something it's not.
> 
> True, from a QE perspective, it's easier to refer it as pki(ca, etc,) instance while
> communicating to debug an issue. Also, the terms you mentioned are really over used in
> general, and in other projects. Not to mention, the word realm also being used in
> kerberos, 'group' being a standard *nix term, domain(again, a very vague term).
> 
> > 
> 
>

More information about the Pki-devel mailing list