Keystores do not expose same operation -------------------------------------- Key: ELY-1608 URL: https://issues.jboss.org/browse/ELY-1608 Project: WildFly Elytron Issue Type: Bug Components: KeyStores Affects Versions: 1.4.0.Final Reporter: Martin Choma This JIRA is in this stage for discussion purposed. In context of https://issues.jboss.org/browse/PRODMGT-1907 I have compared operations of resources providing same capability in elytron subsystem. I want to discuss. * {code} diff key-store.operations ldap-key-store.operations 5,9d4 < "change-alias", < "export-certificate", < "generate-certificate-signing-request", < "generate-key-pair", < "import-certificate", 14d8 < "load", 34d27 < "store", {code} load() was introduced by EAP7-455 rest of operations were introduced by EAP7-650 Now question is if these operations (load() is already covered by PRODMGT-1907) shouldn be also in `ldap-key-store`. * filtering-key-store should it also contain extended operations or it is enough only underlying key-store has them * Keystore capability org.wildfly.security.key-store is referenced in filtering-key-store, key-manager, trust-manager, keystore-realm, token-realm . Is it necessary to propagate load operation also to these resources. key-manager has init() operation. trust-manager does not have such operation but went through EAP7-455 so is probably ok. filtering-key-store probably does not "cache" keystore but request underlying keystore. What about keystore-realm, token-realm ? * Although same resources "provide" same capability (org.wildfly.security.key-store) There is no guarantee they should provide same operations on model level, right? It is just user experience issue as one could expect same operations.