Ade,
Thanks for the writeup.
Overall, I think the design (including the JSS change proposal) looks
plausible. Just a couple of quick comments/questions:
1. You seemed to be saying that but I can't be sure as I'm not familiar
with the REST interface: the two methods createSharedSecret and
deleteSharedSecret are not exposed to entities other than the TKS
instance itself (TKS admin).
I agree with that if that's what you said. TPS should only have access
to the getSharedSecret method, provided with proper SSL client (TPS
subsystem) cert.
2. Can tkstool still be used if one chooses to? If so, maybe an extra
wizard panel option on TPS to select that.
thanks,
Christina
On 08/30/2013 02:33 PM, Ade Lee wrote:
Hey guys,
As requested by cfu, I've written up how we plan to change how the
TKS-TPS shared secret is generated and shared.
The design is here:
http://pki.fedoraproject.org/wiki/Automated_generation_of_Shared_Secret
Please review and provide comments.
Thanks,
Ade
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel