Menu
▾
▴
Re: [Exist-development] security refactoring
|
From: Dmitriy S. <sha...@gm...> - 2010-07-21 17:53:35
|
The trunk is POSSIBLE UNSTABLE, please let me know if any problem. Should I change storage version (.dbx file) to force backup/restore, because of new security storage structure? Should it be converted automatic or manual? (I think of manual way, pluggable realms will be turned off and only internal one (users.xml) will operate) -- Cheers, Dmitriy Shabanov On Fri, 2010-07-16 at 00:12 +0500, Dmitriy Shabanov wrote: > Hello, > > I want to add new accounts: > > - 'system account' (id = 0, dba group), it will be use by system only. > It will be useful as owner of the /system resources, so it will be never > modified by anybody, only by system it self (throw special functions); > > - 'nobody' (id = -1, guest group), the use didn't offer himself. This > account can't be used as resource owner. > > Next in my plan (next two weeks): > > - change the major version number of the security subsystem; > > - add collection /system/security, it will be use for setting, accounts > and roles information; > > - use collections: /system/security/( internal, openid, ldap, > activeDirectory) & etc, one per realm, other words each realm will have > separate collection. > > - each realm's collection will have subcollection: role (or should I > use 'group' as name?), user & file: settings.xml (I'll implement runtime > reconfiguration) > > - each group or user will be at single file. > > (I will put converter to transform old structure to new one) > > Any comments? > |
