[
https://issues.apache.org/jira/browse/JAMES-4097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix updated JAMES-4097:
-------------------------
Description:
As discussed on the server-dev mailing list (subject: `Shared mailboxes via
IMAP`), we think that the current single-domain restriction for mailbox sharing
is too strict for some use cases.
The restriction prevents that a mailbox of one domain can be shared with users
of another domain and was introduced with
[#318|https://issues.apache.org/jira/browse/MAILBOX-318].
This is one of multiple security layers to prevent unauthorized access to a
mailbox. In a multi-tenancy deployment, users of different tenants cannot
access other mailboxes because of missing ACL rights and the cross-domain
restriction serves as a fallback barrier.
However, there are also companies using different domains (e.g. it's common to
have a `student.` domain in universities) where collaboration between users of
different domains via shared mailboxes would be helpful.
To not influence existing deployments and keep the security benefit for default
deployments, we propose to add a configuration switch (by default disabled) to
allow sharing of mailboxes across domain boundaries.
was:
As discussed on the server-dev mailing list (subject: `Shared mailboxes via
IMAP`), we think that the current single-domain restriction for mailbox sharing
is too strict for some use cases.
The restriction prevents that a mailbox of one domain can be shared with users
of another domain and was introduced with
[#318](https://issues.apache.org/jira/browse/MAILBOX-318).
This is one of multiple security layers to prevent unauthorized access to a
mailbox. In a multi-tenancy deployment, users of different tenants cannot
access other mailboxes because of missing ACL rights and the cross-domain
restriction serves as a fallback barrier.
However, there are also companies using different domains (e.g. it's common to
have a `student.` domain in universities) where collaboration between users of
different domains via shared mailboxes would be helpful.
To not influence existing deployments and keep the security benefit for default
deployments, we propose to add a configuration switch (by default disabled) to
allow sharing of mailboxes across domain boundaries.
> Allow cross-domain sharing of mailboxes via config
> --------------------------------------------------
>
> Key: JAMES-4097
> URL: https://issues.apache.org/jira/browse/JAMES-4097
> Project: James Server
> Issue Type: Improvement
> Components: mailbox
> Reporter: Felix
> Priority: Minor
>
> As discussed on the server-dev mailing list (subject: `Shared mailboxes via
> IMAP`), we think that the current single-domain restriction for mailbox
> sharing is too strict for some use cases.
> The restriction prevents that a mailbox of one domain can be shared with
> users of another domain and was introduced with
> [#318|https://issues.apache.org/jira/browse/MAILBOX-318].
> This is one of multiple security layers to prevent unauthorized access to a
> mailbox. In a multi-tenancy deployment, users of different tenants cannot
> access other mailboxes because of missing ACL rights and the cross-domain
> restriction serves as a fallback barrier.
> However, there are also companies using different domains (e.g. it's common
> to have a `student.` domain in universities) where collaboration between
> users of different domains via shared mailboxes would be helpful.
> To not influence existing deployments and keep the security benefit for
> default deployments, we propose to add a configuration switch (by default
> disabled) to allow sharing of mailboxes across domain boundaries.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
