[Pki-devel] Design page for automation of shared secret generation between TKS and TPS

Christina Fu cfu at redhat.com
Tue Sep 3 19:12:41 UTC 2013


Ade,

Thanks for the writeup.

Overall, I think the design (including the JSS change proposal) looks 
plausible. Just a couple of quick comments/questions:

1. You seemed to be saying that, but I can't be sure as I'm not familiar 
with the REST interface: the two methods createSharedSecret and 
deleteSharedSecret are not exposed to entities other than the TKS 
instance itself (TKS admin).
I agree with that if that's what you said.  TPS should only have access 
to the getSharedSecret method, provided with proper SSL client (TPS 
subsystem) cert.

2. Can tkstool still be used if one chooses to? If so, maybe an extra 
wizard panel option on TPS to select that.

thanks,
Christina

On 08/30/2013 02:33 PM, Ade Lee wrote:
> Hey guys,
>
> As requested by cfu, I've written up how we plan to change how the
> TKS-TPS shared secret is generated and shared.
>
> The design is here:
> http://pki.fedoraproject.org/wiki/Automated_generation_of_Shared_Secret
>
> Please review and provide comments.
> Thanks,
> Ade
