Maybe instead of privileges we should speak about roles - this would be aligned with the OSGi UserAdmin spec; I think we can't use the speak but we can at least use the same concepts.

Carsten

2013/8/6 Carsten Ziegeler <[email protected]>

> Hi,
>
> while the current web console is a great tool and has many great plugins,
> it comes with a problem: if someone has access to the console this means
> full access including performing any changes. However many use cases are
> reading/introspecting the system and seeing if something is wrong.
>
> So apart from the authentication support we have, I think we should add
> support for authorization. I'm wondering how we should do that?
>
> Simplest approach would be to distinguish between two privileges "read"
> and "write" (or however we name them) and plugins can find out whether the
> current user has these privileges and act accordingly. I'm wondering if we
> need more fine grained privileges or more flexible ones, like granting
> someone to modify configurations but not to change bundle states?
>
> Apart from adding the notion of a user and finding out the privileges,
> this would also mean to adjust all plugins to use this information. If this
> new security feature is enabled (by default it would be off to have
> compatible behaviour to today), the web console could simply block all POST
> requests if the user does not have the "write" privilege and a plugin needs
> a way to override this. (In some cases a POST is used for testing like for
> the event admin plugin, so this might be fine etc.)
>
> WDYT?
>
> Regards
> Carsten
> --
> Carsten Ziegeler
> [email protected]
>

--
Carsten Ziegeler
[email protected]
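
The gating rule proposed in the quoted message (feature off by default, POST blocked without "write", a per-plugin override for harmless POSTs), sketched as an added example that is not part of the thread and not Web Console code. The class, the PostOverride hook, the action names and the rule that "write" implies "read" are all assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.Set;

// Added illustration: every name below is hypothetical, not Web Console API.
public class ConsoleAccessGate {
    enum Privilege { READ, WRITE }

    // Hypothetical hook: a plugin declares which of its POSTs change nothing.
    interface PostOverride {
        boolean isReadOnlyPost(String plugin, String action);
    }

    private final boolean enabled;      // off by default = today's behaviour
    private final PostOverride override;

    ConsoleAccessGate(boolean enabled, PostOverride override) {
        this.enabled = enabled;
        this.override = override;
    }

    boolean isAllowed(Set<Privilege> user, String method, String plugin, String action) {
        if (!enabled) {
            return true;                // feature off: authenticated means full access
        }
        if (user.contains(Privilege.WRITE)) {
            return true;                // assumption: "write" implies "read"
        }
        if (!user.contains(Privilege.READ)) {
            return false;               // fail closed when no privilege is held
        }
        if ("GET".equals(method) || "HEAD".equals(method)) {
            return true;
        }
        // Read-only user: a POST passes only if the plugin marked it harmless;
        // any other method (PUT, DELETE, ...) is refused.
        return "POST".equals(method) && override.isReadOnlyPost(plugin, action);
    }

    public static void main(String[] args) {
        // Constructed sample: only the event plugin's test POST is overridden.
        PostOverride o = (p, a) -> "events".equals(p) && "sendTestEvent".equals(a);
        ConsoleAccessGate gate = new ConsoleAccessGate(true, o);
        Set<Privilege> reader = EnumSet.of(Privilege.READ);
        Set<Privilege> admin = EnumSet.of(Privilege.READ, Privilege.WRITE);

        System.out.println(gate.isAllowed(reader, "GET", "bundles", "list"));
        System.out.println(gate.isAllowed(reader, "POST", "bundles", "stop"));
        System.out.println(gate.isAllowed(reader, "POST", "events", "sendTestEvent"));
        System.out.println(gate.isAllowed(admin, "POST", "configMgr", "update"));
    }
}
```

Keeping the override as an explicit allow-list per plugin means a plugin that never opts in stays blocked for read-only users, so a forgotten declaration fails closed rather than open.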
