On 11/04/2013 02:49 PM, Petr Viktorin wrote:
> Hello,
> 
> During discussions about fine-grained read ACIs [0], it became clear that we
> need to grant permissions to "all authenticated" and "all, even anonymous" 
> users.
> 
> Here is a design document for the feature:
> http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
> 
> 
> [0] http://www.redhat.com/archives/freeipa-devel/2013-October/msg00050.html
> 

Looks good to me. Pretty much reflects what were talking about in person.

Kudos for also writing the Test Cases. I am just thinking we may also want to
do some "functional" tests and e.g. add an anonymous permission to read some
hidden attribute and then to try to read it with anonymous LDAP search.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to