[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
RE: [higgins-dev] Higgins v1 bug status - Parity assignment summary
|
Paul,
We certainly can/could/should. The only question for me is: In what time frame? I'd answer that "certainly not for 1.0". Here's the skinny:
Currently, there are directories that do not support the optional control we would require in order to perform proxy authorization. Therefore, thus far, we've catered to the lowest common denominator with what we call a "least-privileged user" (LPU) as Jim mentioned here [1]. This, indeed, has the effect mentioned in the defect that the Authenticated user has the AuthZ rights of the LPU. For some directories, this will be the best we can ever do, even if they support the "proxy authZ" control in later versions.
What I propose to do is to add support for those directories which support the control and have a configurable fallback position which would default to "failure" for a context open where the proxy authZ control is not supported. The LPU method could be configured to be "allowed" for applications where that is deemed acceptable. I would propose to do this in the 1.1 milestone.
Does this work for everyone?
Tom
[1] http://dev.eclipse.org/mhonarc/lists/higgins-dev/msg03605.html
>>> "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx> 12/20/07 3:29 PM >>>
Tom,
Brian Walker just wrote:
> 211945 <https://bugs.eclipse.org/bugs/show_bug.cgi?id=211945> - JNDI CP
sets AuthZ identity incorrectly when AuthN type is
> AuthNSeflIssuedMaterials - STATUS - recommend this be re- assigned to
Novell
This 211945 is, I believe, the resolution to the
<http://dev.eclipse.org/mhonarc/lists/higgins- dev/msg03601.html> thread
started by SergeyL. Please comment on 211945 and whether or not you
can/could/should fix it?
Sergey,
Please confirm what I've written above.
- Paul
