doc: Rename actors to match caucase terminology

libssl is the exception, as the idea here is that it is a foreign piece of software which makes the call.

doc: Rename actors to match caucase terminology
libssl is the exception, as the idea here is that it is a foreign piece of software which makes the call.
bd2cc177 · Vincent Pelletier · ecd07d22 · bd2cc177
Commit bd2cc177 authored Aug 29, 2017 by Vincent Pelletier
Show whitespace changes
Inline Side-by-side

Showing with 40 additions and 42 deletions

doc/P-SLAPOS.Certificate.Authority.Plantuml.Sequence.Diagram.Signing.Request.txt ...e.Authority.Plantuml.Sequence.Diagram.Signing.Request.txt +40 -42

No files found.
--- a/doc/P-SLAPOS.Certificate.Authority.Plantuml.Sequence.Diagram.Signing.Request.txt
+++ b/doc/P-SLAPOS.Certificate.Authority.Plantuml.Sequence.Diagram.Signing.Request.txt
 @startuml
 title Automated Certificate Authority Service

-
-actor User
-actor Trusted
-actor Service
+actor service
+actor user
+actor libssl
 autonumber

 == Signing Request Submission ==

-User -> Authority : PUT /csr with the CSR as body
+service -> caucased : PUT /csr with the CSR as body
 alt CSR passes format check
-  Authority --> User : Request identifier
+  caucased --> service : Request identifier
 else CSR format invalid
-  Authority --> User : Error
+  caucased --> service : Error
 end
-Note over User : See "Certificate Retrieval"
+Note over service : See "Certificate Retrieval"

 == Certificate Production ==

-Note over Trusted : See "Signing Request Submission"
-Trusted -> Authority : GET /csr
-Authority --> Trusted : List of pending signing requests with their identifiers
-Trusted -> Authority : GET /csr/<request identifier>
-Authority --> Trusted : CSR
-alt Trusted agrees to produce a signed certificate from the signing request
-  Trusted -> Authority : PUT /crt/<request identifier>
+Note over user : See "Signing Request Submission"
+user -> caucased : GET /csr
+caucased --> user : List of pending signing requests with their identifiers
+user -> caucased : GET /csr/<request identifier>
+caucased --> user : CSR
+alt user agrees to produce a signed certificate from the signing request
+  user -> caucased : PUT /crt/<request identifier>
  alt CSR was still pending
-    Authority --> Trusted : Success
+    caucased --> user : Success
  else CSR not pending (deleted or already signed)
-    Authority --> Trusted : Not found
+    caucased --> user : Not found
  end
-else Trusted refuses to sign the request
-  Trusted -> Authority : DELETE with the signing request identifier
-  Authority --> Trusted : Ok
+else user refuses to sign the request
+  user -> caucased : DELETE with the signing request identifier
+  caucased --> user : Ok
 end

 == Certificate Retrieval ==

 loop Until certificate obtained or request rejected
-  User -> Authority : GET /crt/<request identifier>
+  service -> caucased : GET /crt/<request identifier>
  alt CRT exists
-    Authority --> User : Certificate content
+    caucased --> service : Certificate content
  else CRT does not exist
-    Authority --> User : Not found
-    opt User checks if the CSR was rejected
-      User -> Authority : GET /csr/<request identifier>
+    caucased --> service : Not found
+    opt service checks if the CSR was rejected
+      service -> caucased : GET /csr/<request identifier>
      alt CSR still pending
-        Authority --> User : Signing request content
+        caucased --> service : Signing request content
      else CSR rejected
-        Authority --> User : Not found
+        caucased --> service : Not found
      end
    end
  end
@@ -57,43 +56,42 @@ end

 == Certificate Renewal ==

-User -> Authority : PUT /crt/renew with the still-valid CRT and a CRL with the new public key
+service -> caucased : PUT /crt/renew with the still-valid CRT and a CRL with the new public key
 alt CRT is still valid (validity period, not revoked)
-  Authority --> User : New certificate content
+  caucased --> service : New certificate content
 else CRT invalid
-  Authority --> User : Error
+  caucased --> service : Error
 end

 == Certificate Revocation ==

-User -> Authority : PUT /crt/revoke with the CRT, order signed with its private key
+service -> caucased : PUT /crt/revoke with the CRT, order signed with its private key
 alt CRT is valid and parameters consistent
-  Authority --> User : CRT revoked
+  caucased --> service : CRT revoked
 else CRT is invalid or parameters inconsistent
-  Authority --> User : Error
+  caucased --> service : Error
 end

 == Certificate Revocation without access to private key ==

-Trusted -> Authority : PUT /crt/revoke with the CRT
+user -> caucased : PUT /crt/revoke with the CRT
 alt CRT is valid
-  Authority --> Trusted : CRT revoked
+  caucased --> user : CRT revoked
 else CRT is invalid
-  Authority --> Trusted : Error
+  caucased --> user : Error
 end

 == Certificate Revocation without access to private key or the certificate ==

-Note over Trusted: This procedure is discouraged as revoked certificate will linger for much longer\nthan strictly needed in the CRL, but useful when only the bare minimum\nis know about the certificate which revocation is desired.
-Trusted -> Authority : PUT /crt/revoke with the serial to revoke
+user -> caucased : PUT /crt/revoke with the serial to revoke
 alt Serial is not revoked yet
-  Authority --> Trusted : CRT revoked
+  caucased --> user : CRT revoked
 else Serials is already revoked
-  Authority --> Trusted : Error
+  caucased --> user : Error
 end

 == Certificate Validity Check ==

-Service -> Authority : GET /crl
-Authority --> Service : CRL content
+libssl -> caucased : GET /crl
+caucased --> libssl : CRL content
 @enduml