Feature Security
----------------

                 Key: SHINDIG-1601
                 URL: https://issues.apache.org/jira/browse/SHINDIG-1601
             Project: Shindig
          Issue Type: New Feature
    Affects Versions: 3.0.0
            Reporter: Ryan Baxter


We want to allow administrators of containers to secure the features gadgets 
are allowed to use.  We can do this by doing two things to the container.

1.)  When the gadget preloads a gadget and requests the iFrame URL for the 
gadget (indicating the container wants to render the gadget) we check the list 
of allowed features for that gadget in that container.  In theory the 
administrator of the container would set up this list.  If the gadget wants to 
use a feature that is not in the list approved by the administrator, the preload 
fails.

2.)  Secure what RPC service id a gadget can call.  A gadget should only be 
able to call the RPC service ids from the features the administrator has 
approved for that gadget in that container.  If the gadget tries to call an 
RPC service id that is not in a feature the administrator has approved, then the 
RPC call will be "blocked".

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
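
The two checks proposed in this issue, sketched as an added example (not code from the issue or from Shindig). Every function name, the policy layout, the gadget URL and the feature-to-service-id table are assumptions constructed for illustration.

```javascript
// Hypothetical policy model; none of these names are Shindig APIs.
// Constructed sample data: the RPC service ids each feature registers.
const FEATURE_SERVICES = new Map([
  ['dynamic-height', ['resize_iframe']],
  ['settitle', ['set_title']],
  ['pubsub', ['pubsub']],
]);

// Constructed admin policy: container -> gadget URL -> approved features.
// Map/Set lookups avoid inherited object keys such as "constructor".
const POLICY = new Map([
  ['default', new Map([
    ['https://gadgets.example.test/weather.xml',
      new Set(['dynamic-height', 'settitle'])],
  ])],
]);

// Default deny: an unknown container or gadget has no approved features.
function approvedFeatures(container, gadgetUrl) {
  const gadgets = POLICY.get(container);
  return (gadgets && gadgets.get(gadgetUrl)) || new Set();
}

// Check 1: at preload, fail if any requested feature is not approved.
function checkPreload(container, gadgetUrl, requestedFeatures) {
  const approved = approvedFeatures(container, gadgetUrl);
  const denied = requestedFeatures.filter((f) => !approved.has(f));
  return { ok: denied.length === 0, denied };
}

// Service ids reachable through the gadget's approved features only.
function allowedServiceIds(container, gadgetUrl) {
  const ids = new Set();
  for (const feature of approvedFeatures(container, gadgetUrl)) {
    for (const id of FEATURE_SERVICES.get(feature) || []) ids.add(id);
  }
  return ids;
}

// Check 2: block an RPC whose service id no approved feature registers.
// gadgetUrl must be the identity the container bound to the frame when it
// rendered the gadget, never a value read from the RPC message itself.
function checkRpc(container, gadgetUrl, serviceId) {
  return allowedServiceIds(container, gadgetUrl).has(serviceId);
}
```

Both checks read the same policy, so a feature removed from a gadget's approved list fails the next preload and blocks that feature's service ids together.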