Signo integration in CLI and API

I'm working with Marek on integration of Signo in CLI and API. As we are
building it from scratch, we would like to invite a broader audience for
discussion and to help us make it right.

We have prepared a diagram [1] describing the expected communication
between all the participants.

Here are user stories we put together with Marek and Tomas:

  • As a CLI user I would like to use Signo for authentication
  • As a CLI user I would like to choose from multiple secrets to sign my
    request
  • As a CLI user I would like to have the last requested secret set as a
    default
  • As a CLI user I would like to set the default secret
  • As a CLI user I would like to see a list of my secrets with their
    expiration and issue dates
  • As a CLI user I would like to set expiration in the request (e.g.
    longer for cron jobs)
  • As a CLI user I would like to limit the scope of actions the secret
    authorizes me to do
  • As a CLI user I would like to be able to disable the secret
  • As a CLI user I would like to be able to remove expired secrets
  • As a Signo user I would like to see all my secrets via Web UI
  • As a Signo user I would like to disable a particular secret via Web UI
  • As a Signo user I would like to create a secret via Web UI
  • As a CLI user I would like to use a secret created in Web UI (sync/store?)

And last but not least is a list of things we need to brainstorm first:

  • In the CLI, how to handle an attempt to auth a request with an invalid
    cert? (error/try to get new secret)
  • Shouldn't we disable passing passwords as a parameter on the command
    line? What use cases could it break? UX?
  • How to protect stored secrets on the client?

Comments (especially on unresolved topics) are highly appreciated.

Cheers,
Martin

[1]