#5701 Service creation should not rely on a host existing
Closed: Invalid. Opened 8 years ago by firstyear.

Service creation should not rely on a host existing.

Consider a load balanced service www.example.com, serviced by a.example.com and b.example.com. I would like to be able to add a service, http/www.example.com and then allow a and b to manage it. I don't want to add an extra host for www.example.com just to make the service as well.

Services are often abstract from hosts, so ipa should be able to represent that.


What is wrong with requiring a host to be there? You are not forced to use it, but it would be a really recommended approach, as you would want your service to take advantage of SSSD. I would think that if we want to make things better we should allow automated creation of the corresponding host entry when you create a service if the host does not exist. A load balancer is probably the only case where the service would not benefit from using SSSD, but I do not think it is a big problem to automatically create a host entry for this case. Allowing services to be created without hosts violates some of the system assumptions. For example, the host entity can be granted privileges against the service entities that run on that host.

Based on the reasoning outlined by Dmitri, the FreeIPA team agreed not to implement this ticket.

If you have a service on a single host, that's fine.

But lots of services are on a load balancer, or want to be abstract from a host. You don't need or want to "use" sssd in either of these cases. There is a logical issue here, that hosts now no longer really represent "hosts" at all. Hosts are now "hosts but also kind of aliases for services on other hosts". As well, services don't really mean "services", they mean "some service tied to a host, that may or may not exist". See how we have broken these concrete definitions into something that isn't really quite as solid?

Consider I was to attempt to look through my set of hosts and determine inactivity. My service hosts would all be "inactive" because they aren't attached to real systems. I could risk deleting them.

It adds admin overhead, and maintenance overhead to maintain a strict policy of forcing hosts to be present to add services.

The service has several different properties: it has identity, key and/or certificate. If you have an independent service you can create it on one host and share its key or certificate with other instances of the same service. The current model does not preclude what you are suggesting, so why do extra work and break the model?

Metadata Update from @firstyear (7 years ago):
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE
