Angela Schreiber created SLING-10321:
----------------------------------------
Summary: Deprecate service mapping by userID
Key: SLING-10321
URL: https://issues.apache.org/jira/browse/SLING-10321
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Affects Versions: Service User Mapper 1.5.2
Reporter: Angela Schreiber
Fix For: Service User Mapper 1.5.4
[~cziegeler], [~kpauls], for security reasons I would like to deprecate the old
service user mapping by a single userID in favor of the new format that takes
one or multiple principal names.
The new format allows to keep service permissions limited to service-users as
declared in the mapping and doesn't resolve declare or inherited group
permissions. This gives full control over the effective permissions granted to
each service and doesn't risk unrelated permission changes (e.g. to a base
group like 'everyone') impacting service security.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
