Chuck Rolke created DISPATCH-1388:
-------------------------------------
Summary: Authorization doc fails to describe vhost abstraction
clearly
Key: DISPATCH-1388
URL: https://issues.apache.org/jira/browse/DISPATCH-1388
Project: Qpid Dispatch
Issue Type: Improvement
Components: Documentation
Affects Versions: 1.8.0
Reporter: Chuck Rolke
Assignee: Chuck Rolke
Security documentation misses an important point when describing policy and how
policy is effected by vhost settings: Access policy is applied at the point of
ingress to a router network. Once access is granted to a resource then all
resources with that name anywhere in the network are accessible.
Access restrictions are specified in a policy vhost object. The vhost contains
the restrictions that get applied to a connection when the connection is
established. Reading the doc it sounds as if there are vhost objects that may
contain addresses somewhere in the router. That conceptual model is the issue
in the doc that needs to be fixed.
Methods for Specifying Vhost Policy Source and Target Addresses is a good
example. In the table the first item is titled _Allow all users in the user
group to access all source or target addresses on the vhost_ . In reality the
addresses are not _on the vhost but are in the router network_.
Throughout the document the text "on a vhost" could be changed to "through a
vhost" or "specified by a vhost", or could be removed entirely.
h4.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
