> Hi, > > That can be an interesting debate: can the security be orthogonal and > applied at integration level from a system perspective or should it be > intregrated inside services and if yes what is the model that could be > derived from one security framework to another? > > Any of these directions have advantages. > > When I worked on SAPI (the dead project to integrate security) I have > focused on orthogonality: the service is not changed but the integration > layer takes care of the security using its own design. I'm still > thinking that this approach has more advantages than requesting service > to integrate the security, even if that last approach is easier to > implement (at least outside of upstream in some cases). > > However, making security orthogonal is not easy at all. Keeping it > separate from implementations of services seems to be a hard target. > Thus I have no strong opinion on the subject.
Seems like another idea for F2F discussion :-) I also feel like you Jose - both ideas are worth considering. I also agree with latest Jacek's opinion, that the policy configuration, regardless whether its used by DBus or by service-side code, should be easy to parse/understand - so that moving security away from DBus daemon towards services themselves would not require change in that configuration scheme. BRs, Tomasz _______________________________________________ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
