Hi Ade et al,

I've opened a pagure PR with a draft (and incomplete) design for the
GSS-API authentication:

https://pagure.io/test_dogtag_designs/pull-request/8

There are still some areas to be investigated and some open
questions. Please give it a once-over and provide your thoughts.

In particular I would like feedback on the idea to use alternative
IAuthManager plugins for authorisation; identities from different
IdPs would use different plugins (or different instances of
plugins). I think this gives a nice integration when the system
providing external identities (e.g. FreeIPA) already has concepts
for authorisation of PKI-related operations (again, FreeIPA,
certainly for CA and probably also for KRA too).

Thanks, and have a nice weekend!
Fraser