[
https://issues.apache.org/jira/browse/DISPATCH-1388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chuck Rolke resolved DISPATCH-1388.
-----------------------------------
Resolution: Fixed
Fix Version/s: 1.9.0
Fixed at Commit ab6657
> Authorization doc fails to describe vhost abstraction clearly
> -------------------------------------------------------------
>
> Key: DISPATCH-1388
> URL: https://issues.apache.org/jira/browse/DISPATCH-1388
> Project: Qpid Dispatch
> Issue Type: Improvement
> Components: Documentation
> Affects Versions: 1.8.0
> Reporter: Chuck Rolke
> Assignee: Chuck Rolke
> Priority: Major
> Fix For: 1.9.0
>
>
> Security documentation misses an important point when describing policy and
> how policy is effected by vhost settings: Access policy is applied at the
> point of ingress to a router network. Once access is granted to a resource
> then all resources with that name anywhere in the network are accessible.
> Access restrictions are specified in a policy vhost object. The vhost
> contains the restrictions that get applied to a connection when the
> connection is established. Reading the doc it sounds as if there are vhost
> objects that may contain addresses somewhere in the router. That conceptual
> model is the issue in the doc that needs to be fixed.
> Methods for Specifying Vhost Policy Source and Target Addresses is a good
> example. In the table the first item is titled _Allow all users in the user
> group to access all source or target addresses on the vhost_ . In reality the
> addresses are not _on the vhost but are in the router network_.
> Throughout the document the text "on a vhost" could be changed to "through a
> vhost" or "specified by a vhost", or could be removed entirely.
> h4.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
