Hi,

the reason why I agreed to have the security features enabled by
default in the full launcher was because it is the "full" launcher
that includes everything we have. So security should not be an
exclusion.

An important point in Stanbol is that we do not have something like
"default". We can only discuss what is enabled in certain launcher
configurations. But I see that users just take the full launcher - so
that looks like the "default".

I agree with Rupert that the security level was introduced without
carefully foreseeing its consequences and ensuring that everything
initially is working with security. Now we have a feature in the full
launcher enabled that breaks some things. The hope was that the
problems will get fixed over time but I do not see this happening at the
moment. This is an open source project and we cannot force people to
fix their components because we have enabled security. This may be an
indicator that people are not that interested in spending effort on
this. No matter if they "should" do it because security is important
to some.

Rupert's suggestion to have security in the integration-tests but not
enabled by default in the full launcher sounds reasonable to me. Once
we have enough tests and ensured that security is supported well, we
should switch back and have it activated by default in the full
launcher. I assume that it will become easier to handle and
configurable with ongoing development.

My initial hope was to get better support for different launchers. We
have worked on this but it is still an open point. We agreed that
disabling security should be no problem by omitting the corresponding
bundles in a launcher configuration. So if many people do not want
security, we could offer another full launcher with no security or
something like this. Another option would be to make it really easy
for users to define their own launcher configuration and exclude what
they do not want to have. That would be nice.

Best,
 - Fabian

2013/4/5 Reto Bachmann-Gmür <r...@apache.org>:
> Hi Danny,
>
> What about having a big "disable security" button in the user manager which
> would grey out everything (after a confirm dialog) but leave an "enable
> security" button?
>
> Then we could add a command line option that would disable security at
> start up.
>
> Technically "disabling security" would just add AllPermission to the
> default role.
>
> I think this approach would be better because:
> - it's easier to change the settings, even at runtime
> - There isn't the possibility to manage users if this has no effect anyway
> (as this would be greyed out and disabled)
> - The same infrastructure and filters could be running with and without
> security (as without security just means "everybody is root" - which
> sounds frightening but that's intentional)
>
> Cheers,
> Reto
>
>
> On Fri, Apr 5, 2013 at 3:09 PM, Danny Ayers <danny.ay...@gmail.com> wrote:
>
>> Ok, personally I'd lean towards leaving security on by default, being
>> general good practice. But I'm not so familiar with the typical
>> applications as everyone else here, so don't take that view too strongly.
>>
>> But, just a thought: starting up usually needs quite a lengthy command, I
>> for one have got it in a script for convenience.
>>
>> So why not offer a selection of startup scripts, something like:
>>
>> start.sh
>> start.bat
>> start-secure.sh
>> start-secure.bat
>> ...
>>
>> Cheers,
>> Danny.
>>
>>
>>
>> On 5 April 2013 14:36, Rupert Westenthaler <rupert.westentha...@gmail.com
>> >wrote:
>>
>> > On Fri, Apr 5, 2013 at 2:17 PM, Reto Bachmann-Gmür <r...@wymiwyg.com>
>> > wrote:
>> > > Hi Rupert
>> > >
>> > >>
>> > >> * Disabling Security as default: Stanbol is still not functioning to
>> > >> 100% if the Security-Manager is enabled hence IMHO deactivating this
>> > >> feature is the logical consequence.
>> > >>
>> > >
>> > > You're referring to the situation when stanbol is started without the
>> > > "-no-security" argument but without the authentication bundles?
>> > >
>> >
>> > Including the Security Modules, but with -no-security as default
>> > (basically by adding an option -enable-security)
>> >
>> >
>> > > What's not functioning?
>> > >
>> > > *Want To Fix*
>> >
>> > The dev.iks-project.eu server was running for some time with security
>> > enabled. From what I can remember all Engines for remote services
>> > were failing because they were not allowed to connect to those hosts
>> > - Zemanta, Calai, Celi, Spotlight. I would also expect the
>> > FileContentItem implementation (enhancer.core) to fail creating the
>> > temporary files. The EntityDereferencer and EntitySearcher
>> > implementation of the Entityhub for SPARQL and CoolURI
>> > (entityhub.site.linkeddata). But there might be additional ones -
>> > especially from other Stanbol Components (e.g. the CMS Adapter might
>> > be affected)
>> >
>> > best
>> > Rupert
>> >
>> > >
>> > > Reto
>> >
>> >
>> >
>> > --
>> > | Rupert Westenthaler             rupert.westentha...@gmail.com
>> > | Bodenlehenstraße 11                             ++43-699-11108907
>> > | A-5500 Bischofshofen
>> >
>>
>>
>>
>> --
>> http://dannyayers.com
>>
>> http://webbeep.it  - text to tones and back again
>>



-- 
Fabian
http://twitter.com/fctwitt