On Thu, 2012-11-15 at 09:54 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
> >> There is currently no way to search for a certificate. You can only look
> >> it up if you already know the serial number.
> >>
> >> Dogtag 10 has a fresh API which makes searching very easy. I've started
> >> designing a search interface here: http://freeipa.org/page/Cert_find
> >>
> >> Comments welcome.
> >
> > Can you move it under V3/ that's where we agreed to put new designs for
> > the v3 series
>
> Fixed.
>
> >
> >> I was able to create a proof-of-concept (minus date options) using this
> >> API in about 90 minutes.
> >
> > Great!
> >
> > Question, how is authentication done ?
> > Or is this all public information that can be freely obtained
> > anonymously ?
> > Or will we provide access control in the IPA API and let the dogtag REST
> > interface be available only on localhost ?
>
> IMHO issued certificates are public, no point in adding a
> role/permissions to protect the search of them.

Well I bet some people will want that anyway :-)
But we can defer closing down till we get RFEs for that.

> The dogtag port is 8080 for this which I believe one doesn't need to
> open in the firewall, so only authenticated IPA users would have access.

ok, good to know

Simo.

--
Simo Sorce * Red Hat, Inc * New York