https://bz.apache.org/bugzilla/show_bug.cgi?id=60946
--- Comment #7 from Philip Prindeville <[email protected]> --- (In reply to Jacob Champion from comment #6) > While that might be true -- and I'm not convinced that's an accurate > description of all MAC systems -- we're not using an ACL (or a MAC) > authorization system here. It's a very flexible (perhaps too flexible), > multi-paradigm system, and I would argue that you're just as likely to see > role-based authz with some of the more advanced authorization modules. Yes, sorry. I was thinking specifically of the case where you're controlling your decision based on IP address, host port, or some derivation of that (like GeoIP). > Perhaps the best thing to agree on is that any behavior might be > "astonishing" to some, and we should try to do what is least astonishing to > the widest possible range of users. I can subscribe to that. > Anyway: there's a good chance that this is neither here nor there. Maybe all > we need to do is review what directives are considered > neutral/success/failure in the authz system. Someone explain to me again what the point of "neutral" is? I've always thought that success == !failure and vice versa. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
