[Pki-devel] Request for better Dogtag 10 terminology . . .
Ade Lee
alee at redhat.com
Fri May 11 15:02:23 UTC 2012
The term "instance" makes sense in this context when we are talking
specifically about either a single tomcat or a single apache instance,
even if that instance happens to correspond to multiple subsystems. And
this would make sense, because all of the subsystems within that
instance would be started/stopped by a single init script, and they will
share things like a password.conf file and a common nss database.
In the proposed layout though, we have the possibility of the "instance"
containing both an apache and a tomcat instance - and hence the casting
around for a new name.
Unless we plan on writing some hybrid init script, that allows us to
start/stop both apache and tomcat instances at the same time (which is
very unlikely in the near future - and probably a bad idea in any case),
maybe we should not allow the "instance" to contain both apache and
tomcat instances.
Instead I suggest the following :
/var/lib/pki/tomcat0 (for the ca, kra, ocsp, tks)
/var/lib/pki/apache0 (for the ra, tps)
I think I like tomcat0 and apache0 rather than "default" - it makes it
clearer that this is an instance name and also the type of instance.
Ade
On Fri, 2012-05-11 at 13:25 +0530, Kashyap Chamarthy wrote:
> On 05/11/2012 07:08 AM, John Dennis wrote:
> > On 05/10/2012 08:02 PM, Matthew Harmsen wrote:
> >> As initially stated, we would like to replace the *"[instance]"*
> >> notation and *"PKI instance"* terminology currently used within
> >> Dogtag 10 with something that is more descriptive and more accurate.
> >> While several alternatives have already been suggested, none have
> >> gained wide-spread acceptance:
> >
> > Actually I think the term "instance" is descriptive and accurate, it makes perfect sense
> > to me in the context of how it's being used.
>
> Agreed.
>
> Terms like cluster, domain, realm, group,
> > etc. have so many other connotations I think it would be more confusing because it implies
> > something it's not.
>
> True, from a QE perspective, it's easier to refer it as pki(ca, etc,) instance while
> communicating to debug an issue. Also, the terms you mentioned are really over used in
> general, and in other projects. Not to mention, the word realm also being used in
> kerberos, 'group' being a standard *nix term, domain(again, a very vague term).
>
> >
>
>
More information about the Pki-devel
mailing list