[
https://issues.apache.org/jira/browse/SHINDIG-1601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan Baxter updated SHINDIG-1601:
---------------------------------
Summary: Enhance Gadget Administration (was: Feature Security)
> Enhance Gadget Administration
> -----------------------------
>
> Key: SHINDIG-1601
> URL: https://issues.apache.org/jira/browse/SHINDIG-1601
> Project: Shindig
> Issue Type: New Feature
> Affects Versions: 3.0.0
> Reporter: Ryan Baxter
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> We want to allow administrators of containers to secure the features gadgets
> are allowed to use. We can do this by doing two things to the container.
> 1.) When the gadget preloads a gadget and requests the iFrame URL for the
> gadget (indicating the container wants to render the gadget) we check the
> list of allowed features for that gadget in that container. In theory the
> administrator of the container would setup this list. If the gadget wants to
> use a feature that is not in the list approved by the administrator the
> preload fails.
> 2.) Secure what RPC service id a gadget can call. A gadget should only be
> able to call the RPC service ids from the features the administrator has
> approved for that gadget in that container. If the gadget tried to call and
> RPC service id that is not in a feature the administrator has approved than
> the RPC call will be "blocked".
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
