On 04/16/2015 10:03 AM, Fraser Tweedale wrote:
Please review my Certificate Profiles design proposal:
Let me know what is unclear, what needs expansion, and what is plain
The schema for storing multiple certificates for a principal is
still being discussed but I expect it will be agreed soon, and I
will add it to the document.
I am revising the sub-CAs design proposal and it will soon be
published for review as well.
I've read the design page and even though I know only a little about
Dogtag it makes sense to me.
Just a few notes:
3.4 Retrieve profile - There was XML format twice (probably
copy-paste-forget to modify :-) I changed it, feel free to revert the
change if it was intentional.
3.5 Delete profile - IMO the profile should be deleted when user
requests that. If the profile must be disabled before deleted do it as a
part of deletion.
3.6 Enable/disable profile - When user request enabling/disabling of
already enabled/disabled profile there is no need to return an error.
User wants it to be enabled/disabled and it is, job done.
5.2.1 CLI - I would change the command to 'ipa certprofile-add' to stay
consistent with rest of FreeIPA commands.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code