This JIRA is in this stage for discussion purposed.

In context of https://issues.jboss.org/browse/PRODMGT-1907 I have compared operations of resources providing same capability in elytron subsystem.

I want to discuss.

• diff key-store.operations ldap-key-store.operations 
  5,9d4
  <         "change-alias",
  <         "export-certificate",
  <         "generate-certificate-signing-request",
  <         "generate-key-pair",
  <         "import-certificate",
  14d8
  <         "load",
  34d27
  <         "store",
  

load() was introduced by EAP7-455
rest of operations were introduced by EAP7-650

Now question is if these operations (load() is already covered by PRODMGT-1907) shouldn be also in `ldap-key-store`.

• filtering-key-store
  should it also contain extended operations or it is enough only underlying key-store has them

• Keystore capability org.wildfly.security.key-store is referenced in filtering-key-store, key-manager, trust-manager, keystore-realm, token-realm . Is it necessary to propagate load operation also to these resources.
  key-manager has init() operation. trust-manager does not have such operation but went through EAP7-455 so is probably ok. filtering-key-store probably does not "cache" keystore but request underlying keystore. What about keystore-realm, token-realm ?

• Although same resources "provide" same capability (org.wildfly.security.key-store) There is no guarantee they should provide same operations on model level, right? It is just user experience issue as one could expect same operations.