On 03/17/2016 06:16 PM, Martin Babinsky wrote:
> Hi list,
> 
> here is a link (http://www.freeipa.org/page/V4/Server_Roles) to WIP design
> document concerning the concept of Server Roles as a user-friendly abstraction
> of the services running on IPA masters.
> 
> The main aim of this feature is to provide a higher level interface to query
> and manipulate service-related information stored in dirsrv backend.
> 
> I have not touched the design much from the post-Devconf session, mainly
> because there are some points to clarify and agree upon.

Initial thoughts:

* Use Cases: these are rather vague points what you want to implement. In Use
Case section, I would like to see what specific *user* use cases you are
addressing, i.e. what user problems you are solving. Ideally in a form of a
user story. Like here:

http://www.freeipa.org/page/V4/User_Life-Cycle_Management#Use_Cases
or here:
http://www.freeipa.org/page/V4/Authentication_Indicators#Use_Cases
or here:
http://www.freeipa.org/page/V4/External_trust_to_AD#Use_Cases

> I have the following points to discuss:
> 
> 1.) the design assumes that there is a distinction between roles such as DNS
> server, CA, etc. and the more specific sub-roles such as DNSSec key master, 
> CRL
> master, etc. Now in the hindsight I think this distinction is quite artificial
> and just clutters the interface unnecessarily. We might implement this kind of
> hierarchy in the code itself but that is something the user needs not be 
> aware of.

Well, there are dependencies. A server cannot be a CRL master without also
being a CA role. I assume same applies to DNSSEC master.

I think we need to think more about distinguishing what is role, what is just
an attribute of a role, etc. AD for example distinguishes roles, role service
and features:

https://technet.microsoft.com/en-us/library/cc754923.aspx

Martin

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to