Diffstat (limited to 'presentations/repository-engine-objects.dot')
-rw-r--r-- | presentations/repository-engine-objects.dot | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/presentations/repository-engine-objects.dot b/presentations/repository-engine-objects.dot
new file mode 100644
index 00000000..24abc8dd
--- /dev/null
+++ b/presentations/repository-engine-objects.dot
@@ -0,0 +1,86 @@
+// $URL$
+// $Id$
+//
+// {arrowhead,arrowtail} shapes indicate database object relationships:
+// 1- none
+// m- crow
+//
+// Color code:
+// Blue: visible in left-right protocol
+// Green: created on the fly
+
+digraph rpki_engine_objects {
+ rotate=90; size="11,8.5"; splines=true; ratio=fill;
+ node [ shape=record ];
+
+ // Objects visible in left-to-right protocol
+ node [ color=blue ];
+ self [ label="Self|{Preferences}" ];
+ parent [ label="Parent|{URI|TA|SIA Base}" ];
+ repo [ label="Repository|{URI|TA}" ];
+ child [ label="Child|{TA}" ];
+ biz_sign [ label="Business\nSigning Context|{Keypair|CertChain}" ];
+ route_origin [ label="Route\nOrigin|{AS Number}" ];
+
+ // Objects which left-right protocol sees as part of other
+ // objects but which SQL needs to be separate for
+ // normalization.
+
+ addr_set [ label="Address\nPrefix", color=purple ];
+
+ // Objects created on the fly by the RPKI engine
+ node [ color=green ];
+ ca [ label="CA|{Last CRL #|Next CRL Date|Last Issued Serial #|Last Manifest #|Next Manifest Date|SIA URI}" ];
+ ca_detail [ label="CA Detail|{CA Private Key Handle|CA Public Key|Latest CA Certificate|Manifest EE Private Key Handle|Manifest EE Public Key|Latest Manifest EE Certificate|Latest Manifest|Latest CRL}" ];
+
+ // Some question whether these objects need to be in database
+ // per se or are just properties hanging on some other object
+ // like ca or ca_detail. For manifests, we need last serial,
+ // same as for CRL.
+ roa [ label="ROA|{EE Certificate|ROA}" ];
+
+ // This one is a table of everything we have ever issued to
+ // this child, not to be confused with what's -currently-
+ // issued to this child. Some question whether this hangs off
+ // ca or ca_detail, but we -think- hanging off of ca_detail is
+ // correct because certificates are issued by a particular
+ // keypair.
+
+ child_cert [ label="Child CA Certificate" ];
+
+ // One-many mappings
+ edge [ color=blue, arrowtail=none, arrowhead=crow ];
+ self -> biz_sign;
+ biz_sign -> child;
+ biz_sign -> parent;
+ biz_sign -> repo;
+ self -> child;
+ self -> parent;
+ repo -> parent;
+ self -> route_origin;
+
+ route_origin -> addr_set [ color=purple, arrowtail=none, arrowhead=crow ];
+
+ // This is many-many because each child is an entity, each CA
+ // can have multiple children, and each child can hold certs
+ // from multiple CAs (thanks, RobL).
+ //
+ ca -> child [ color=green, arrowtail=crow, arrowhead=crow ];
+
+ // One-many mappings
+ edge [ color=green, arrowtail=none, arrowhead=crow ];
+ ca -> ca_detail;
+ child -> child_cert;
+ parent -> ca;
+ ca_detail -> child_cert;
+ ca_detail -> roa;
+
+ // One-one mapping -- separate object to highlight dynamic nature
+ edge [ color=green, arrowtail=none, arrowhead=none, style=solid ];
+ route_origin -> roa;
+
+}
+
+// Local Variables:
+// compile-command: "dot -Tps2 repository-engine-objects.dot | ps2pdf - repository-engine-objects.pdf"
+// End: |
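Review bot: The many-to-many edge `ca -> child [ color=green, arrowtail=crow, arrowhead=crow ];` depends on `arrowtail`, which Graphviz documents as drawn only when the edge's `dir` is `back` or `both`. A digraph defaults to `dir=forward`, so depending on the Graphviz version used to build the PDF the tail crow may be dropped, and the CA/child relationship would then read as one-to-many. Writing it as `ca -> child [ color=green, dir=both, arrowtail=crow, arrowhead=crow ];` makes the rendering independent of that default. Separately, the colour legend in the header comment lists only blue and green, while `addr_set` and its edge use purple; a line such as `// Purple: part of another object in left-right protocol, separate in SQL` would cover it.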