On 04/16/2015 10:03 AM, Fraser Tweedale wrote:
Hi everyone,

Please review my Certificate Profiles design proposal:
http://www.freeipa.org/page/V4/Certificate_Profiles

Let me know what is unclear, what needs expansion, and what is plain
wrong :)

The schema for storing multiple certificates for a principal is
still being discussed but I expect it will be agreed soon, and I
will add it to the document.

I am revising the sub-CAs design proposal and it will soon be
published for review as well.

Cheers,
Fraser

Hi Fraser,
I've read the design page and even though I know only a little about Dogtag it makes sense to me.

Just a few notes:

3.4 Retrieve profile - There was XML format twice (probably copy-paste-forget to modify :-) I changed it, feel free to revert the change if it was intentional.

3.5 Delete profile - IMO the profile should be deleted when user requests that. If the profile must be disabled before deleted do it as a part of deletion.

3.6 Enable/disable profile - When user request enabling/disabling of already enabled/disabled profile there is no need to return an error. User wants it to be enabled/disabled and it is, job done.

5.2.1 CLI - I would change the command to 'ipa certprofile-add' to stay consistent with rest of FreeIPA commands.

--
David Kupka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to