search

jbostoen / iTop-custom-extensions

Extensions for iTop . New classes (SIM cards, Monitors, IP Devices), more powerful Mail to Ticket automation, basic info on pro extensions such as geometry and ticket merge, some concepts (Check Out system), several small tweaks.
GNU General Public License v3.0
36 stars 13 forks source link

Certificates: hierarchical view #29

Open jbostoen opened 4 years ago

jbostoen commented 4 years ago

Type: request

Version info:

Description: Hierarchical view for certificates

Hipska commented 4 years ago

I have something for certs laying around. Intrested?

jbostoen commented 4 years ago

Just datamodel or also something more? Already got a bit of a class myself :)

Hipska commented 4 years ago

Datamodel only indeed. Has hierarchical keys + impact relations:

image

WebApplication has a direct link, SoftwareInstance is with a link class because multiple certs can be linked.

I had a look at your implementation, but I don't agree with linking certs to Server or VM.

jbostoen commented 4 years ago

Datamodel only indeed. Has hierarchical keys + impact relations:

image

WebApplication has a direct link, SoftwareInstance is with a link class because multiple certs can be linked.

I had a look at your implementation, but I don't agree with linking certs to Server or VM.

That's also a nice idea. Well it's still a bit of a concept. We're going to step away from the way iTop defines the software and license classes, because licenses really aren't flexible enough for us to keep track of everything and we were also struggling with software versions.

I linked it to a Server/VirtualMachine for cases where it's used for services. You could argue that's a WebApplication or SoftwareInstance and that they each might have a dedicated certificate for their purpose, but I didn't think those classes (or our interpretation of them) covered it all. For instance, what about LDAPS connections where the certificate is really tied to your server? Or we also have an instance where one of our servers has a certificate used for identification to another secure FTP server.

Using relations is a nice idea!

Hipska commented 4 years ago

For instance, what about LDAPS connections where the certificate is really tied to your server?

The cert is still not tied to the server, but to the LDAP service instance. (As the same server can also have other certs for other software running on the same server.)

Or we also have an instance where one of our servers has a certificate used for identification to another secure FTP server.

Are we also talking about the same kind of certificates here? Or more like public and private keys for authentication like usual on SSH connections?