Re: [Freeipa-devel] cert-find design

2012-11-15 Thread Simo Sorce
On Thu, 2012-11-15 at 09:54 -0500, Rob Crittenden wrote:
 Simo Sorce wrote:
  On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
  There is currently no way to search for a certificate. You can only look
  it up if you already know the serial number.
 
  Dogtag 10 has a fresh API which makes searching very easy. I've started
  designing a search interface here: http://freeipa.org/page/Cert_find
 
  Comments welcome.
 
  Can you move it under V3/ that's where we agreed to put new designs for
  the v3 series
 
 Fixed.
 
 
  I was able to create a proof-of-concept (minus date options) using this
  API in about 90 minutes.
 
  Great!
 
  Question, how is authentication done ?
  Or is this all public information that can be freely obtained
  anonymously ?
  Or will we provide access control in the IPA API and let the dogtag REST
  interface be available only on localhost ?
 
 IMHO issued certificates are public, no point in adding a 
 role/permissions to protect the search of them.

Well I bet some people will want that anyway :-)
But we can defer closing down till we get RFEs for that.

 The dogtag port is 8080 for this which I believe one doesn't need to 
 open in the firewall, so only authenticated IPA users would have access.

ok, good to know

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] cert-find design

2012-11-15 Thread Simo Sorce
On Thu, 2012-11-15 at 09:54 -0500, Rob Crittenden wrote:
 Simo Sorce wrote:
  On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
  There is currently no way to search for a certificate. You can only look
  it up if you already know the serial number.
 
  Dogtag 10 has a fresh API which makes searching very easy. I've started
  designing a search interface here: http://freeipa.org/page/Cert_find
 
  Comments welcome.
 
  Can you move it under V3/ that's where we agreed to put new designs for
  the v3 series
 
 Fixed.

Thanks, I removed the redirect too.
The new link is: http://freeipa.org/page/V3/Cert_find

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-devel] cert-find design

2012-11-14 Thread Simo Sorce
On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
 There is currently no way to search for a certificate. You can only look 
 it up if you already know the serial number.
 
 Dogtag 10 has a fresh API which makes searching very easy. I've started 
 designing a search interface here: http://freeipa.org/page/Cert_find
 
 Comments welcome.

Can you move it under V3/ that's where we agreed to put new designs for
the v3 series

 I was able to create a proof-of-concept (minus date options) using this 
 API in about 90 minutes.

Great!

Question, how is authentication done ?
Or is this all public information that can be freely obtained
anonymously ?
Or will we provide access control in the IPA API and let the dogtag REST
interface be available only on localhost ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
