2022-03-25 15:50:45 +00:00
## Server props
- default DN parts: country, state, city, org, OU
- "customizable" flags for DN parts
- flag: use client-to-client
- force cipher, tls-cipher, auth params
- server name
- default certification duration
- default certificate algo
## User props
- username (CN part)
- password
- custom DN parts: country, state, city, org, OU
- email (DN part)
- tags
## User tags
- admin: administrator
- login: can log into the web interface
- issue: can certify own devices (without approval)
- renew: can renew certificates for own devices (without approval)
## Device props
- name (CN part)
- type (icon)
- approved: bool
- expiry
## Permissions
- admin cannot "admin" itself (to prevent self decapitation)
- admin can "edit", "admin" and "create" everything else
- user can "edit" itself and its devices
- user can "create" devices for itself
### User
- edit: change DN parts, password
- admin: add or remove tag, delete, generate password
### Device
- edit: change type, delete
- admin: approve
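
The permission rules above, written out as a deny-by-default check. This is an added example, not code from the project: the operation names, the `User`/`Device` classes and the function names are assumptions, and it reads "everything else" as letting an admin "edit" its own account while never being able to "admin" it.

```python
from dataclasses import dataclass

# Operation -> permission class, taken from the "User" and "Device" lists.
# The operation identifiers themselves are hypothetical.
USER_OPS = {"change_dn": "edit", "change_password": "edit",
            "add_tag": "admin", "remove_tag": "admin",
            "delete": "admin", "generate_password": "admin"}
DEVICE_OPS = {"change_type": "edit", "delete": "edit", "approve": "admin"}

@dataclass(frozen=True)
class User:
    name: str
    tags: frozenset = frozenset()

@dataclass(frozen=True)
class Device:
    name: str
    owner: str  # username of the owning user

def allowed(actor, perm, target):
    """True if actor holds permission class perm ("edit"/"admin") on target."""
    is_user = isinstance(target, User)
    owner = target.name if is_user else target.owner
    if "admin" in actor.tags:
        # Admin may do anything except "admin" its own account, so the last
        # administrator cannot strip its own tag or delete itself.
        return not (perm == "admin" and is_user and owner == actor.name)
    # Plain user: "edit" only, and only on itself or its own devices.
    return perm == "edit" and owner == actor.name

def can(actor, op, target):
    """Map a concrete operation to its permission class, then check it."""
    ops = USER_OPS if isinstance(target, User) else DEVICE_OPS
    if op not in ops:
        return False  # unknown operation: deny by default
    return allowed(actor, ops[op], target)

def can_create_device(actor, owner_name):
    """Users create devices only for themselves; admins for anyone."""
    return "admin" in actor.tags or owner_name == actor.name
```

The check covers only the Permissions section; the `login`, `issue` and `renew` tags gate other behaviour and are not modelled here.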