[OTDev] Policy creation
Andreas Maunz andreas at maunz.deWed Jun 23 13:30:32 CEST 2010
- Previous message: [OTDev] Policy creation
- Next message: [OTDev] Policy XML allows multiple rules
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Vedrin Jeliazkov wrote on 06/23/2010 11:20 AM: > In fact, I'm not sure whether we have the notion of group-owner > currently? If we don't have it (e.g. we only have group permissions, We don't. Only single users can own a policy. > Last but not least, you mentioned that permissions and ownership are > handled separately. Does it make sens to hold ownership information a > bit longer and delete it only when the resource is effectively > removed? I mean, something like this: > > 1) user requests resource deletion; > 2) AA checks that user is entitled for this operation; > 3) permissions for the resource are removed; > 4) resource is removed; > 5) ownership information is removed. > > The rationale is that in a situation when the resource takes a while > to disappear, the system would know who was the owner of this stale > resource and could disallow other users to create policies with > different permissions for this resource, thus probably solving the > issue under discussion. Holding back ownership sounds like a good idea. I will think about how this could be implemented best. Best regards Andreas
- Previous message: [OTDev] Policy creation
- Next message: [OTDev] Policy XML allows multiple rules
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list