Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: EJBCA 6.14.0
-
Component/s: None
-
Labels:None
-
Stakeholder:R&D
-
Epic Link:
-
Sprint:EJBCA Sprint 14, EJBCA Sprint 15, EJBCA Sprint 16
Description
This should be completed before GUI or persistence is implemented
This is an implementation mismatch from the previous version and not related to the RFC update.
AcmeConfiguration (which can be part of the URL corresponding to "aliases" in CMP/SCEP/EST to serve different types of ACME clients) maps to EEP, link to ToS and is where external account requirement is configured.
AcmeAccount represents the ACME client (key pair).
We currently have
AcmeAccounts are global for all aliases, but needs to agree to the ToS for each AcmeConfiguration ("alias").
External account requirement is however only checked for the AcmeConfiguration the account is created under. → Makes it optional.
Discarded option
We could have the option make the external account binding configuration global (e.g. shared for all "aliases"), but this would prevent ACME on the same installation to be used for both "public" and "external" accounts.
We want to have
Since different AcmeConfigurations ("aliases") can have different requirements on the AcmeAccount we should add a AcmeAccount.configurationId field.
An ACME client will still be able to register separate AcmeAccounts for different AcmeConfigurations.
