Simo Sorce wrote:
On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
There is currently no way to search for a certificate. You can only look
it up if you already know the serial number.

Dogtag 10 has a fresh API which makes searching very easy. I've started
designing a search interface here: http://freeipa.org/page/Cert_find

Comments welcome.

CAn you move it under V3/ that's where we agreed to put new designs for
the v3 series

Fixed.


I was able to create a proof-of-concept (minus date options) using this
API in about 90 minutes.

Great!

Question, how is authentication done ?
Or is this all public information that can be freely obtained
anonymously ?
Or will we provide access control in the IPA API and let the dogtag REST
interface be available only on localhost ?

IMHO issued certificates are public, no point in adding a role/permissions to protect the search of them.

The dogtag port is 8080 for this which I believe one doesn't need to open in the firewall, so only authenticated IPA users would have access.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to