[Pki-devel] [PATCH] 313 Added TPS profile resource.
Ade Lee
alee at redhat.com
Tue Oct 1 05:01:51 UTC 2013
1. There is some code in ProfileModifyCLI that refers to changing the
status of the profile (enabled/ disabled) ie. an option that is read
in. However, that option value does not appear to be used in any way.
2. Profiles are unique in that - due to common criteria requirements,
profiles must be disabled by an agent before being changed by an admin.
Thats the meaning behind the target.agent_approve.list parameter.
So, there needs to be a call to enable/disable the profile, and this may
or may not have to be a call separate from modifyProfile() because the
authz/acls are different.
Also, there need to be checks to confirm that prior to any operation
that add/remove/modify the profile, the profile is disabled.
In fact, while only profiles are in the target.agent_approve.list, one
could choose to put any of the various elements in there, and so this
mechanism should be put in place generally.
Ade
On Tue, 2013-09-24 at 09:21 -0500, Endi Sukma Dewata wrote:
> A new REST service and clients have been added to manage the profiles
> in the TPS configuration file.
>
> Ticket #652
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list