potiuk commented on PR #23:
URL: https://github.com/apache/comdev/pull/23#issuecomment-4893359712

   > You have described much of what is already implemented in ATR with 
permission schemes around roles and api endpoints and including admin functions 
around purging of tokens and disabling "banned" users. We are considering 
pushing more of this to `infrastructure-asfquart` which is the preferred base 
for Tooling and Infrastructure websites.
   
   I think you probably misread it. 
   
   That has nothing to do with ATR - it's just long term "scope" of token. It's 
not "management" of the permissions - it's just using the permissions that are 
already present and exposed via Oauth, it's more of implementing token 
authenticaion mechanism manageable by the user via PonyMail.
   
   But of course if there is a mechanism for long term tokens handed-over by 
other systems centraly - this PonyMail mechanims can also support it, no 
problem whatsoever - it should be a simple, few line change. 
   
   This is really mechanism of managing "tokens" not permisssions. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to