[
https://issues.apache.org/jira/browse/UNOMI-189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16854404#comment-16854404
]
Serge Huber commented on UNOMI-189:
-----------------------------------
It would be great to have a way to "protect" some profile properties, so that
they are only accessible through some kind of authentication and/or
authorization mechanism.
For example, we could say by default that all properties with the
"personalIdentifierProperties" system tag could be protected so that only the
actual profile or an admin role could access the properties.
It should also be possible to control read and/or write of protected properties.
> Restrict some profile updates to authenticated users only
> ---------------------------------------------------------
>
> Key: UNOMI-189
> URL: https://issues.apache.org/jira/browse/UNOMI-189
> Project: Apache Unomi
> Issue Type: New Feature
> Components: web
> Affects Versions: 1.3.0-incubating
> Reporter: Romain Gauthier
> Priority: Major
> Fix For: 1.5.0
>
>
> It is my understanding that Unomi is cookie and API based. It would be great
> to support updates of some data with authenticated users only, but still
> using a public endpoint.
> A tag on profile properties would be checked to restrict updates from
> authenticated and current users only.
> I'm then wondering if an integration with [https://auth0.com/] or
> [https://www.gigya.com/] could also makes sense. This kind of features would
> strengthen the customer data platform positioning.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
