* Martin Schmidkunz
Hi,
I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all? No. I don't see this requested and it also wouldn't match our target audience (unexperienced users).
* Is there more than one certificate issued by the registration server? From my talk with Jens Daniel I got the information, that there will be one registration server so I guess that it will issue one certificate, but you know how it is with guessing :-) Ask Michael Calmer and Thomas Goettlicher, they're handling such issues for SLMS.
I currently see two certificates in the WebYaST architecture. 1. To establish trust between the appliance and the registration server. 2. To establish trust between the appliance and the browser. case 1 would ideally be handled when creating the appliance by pre-installing the certificate on the appliance. If this is not the case, we need an acceptance pop-up in WebYaST. case 2 would be a no-brainer if the vendor installs a 'commercial' certificate, i.e. one with a trust chain already build into the browser. Otherwise, certificate acceptance is done by the browser outside WebYaSTs influence.
* Does acceptance of certificate mean that, a user action is required to accept/install it? I'd say yes for both cases.
* How are "Do you want to accept this certificate?" pop ups handled, which are provided by a browser? You must not influence those. Its up to the user, not the originating website to accept/deny trust.
Are they suppressed or if enabled would the user accept the certificate by clicking the pop up instead of a button in the webYaST GUI?
For case 1 above, the dialog is handled by the browser. For case 2 WebYaST must provision this.
* Do we want to visualize import/export certificate in the GUI? Would we need this ? Whats the usecase here ?
* Do we want to allow the user to delete a certificate or do we just display a certificate obtained by connecting to registration server? The latter. Certification management is not a priority right now.
Hth, Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org