On 19 May 2010 17:22, Carl Trieloff <[email protected]> wrote:
> I've had a brief read, it seems the point I was trying to make has
> been entirely misunderstood.
>
> How about some IRC, or a call if you can do that and then reflect back to the
> list.
>
> Carl.

Hi.

I talked with Carl, and I think we are basically on the same page,
apart from some minor confusion over naming and definitions which I
think I now understand better. Basically, the 'Conclusions' section of
the document I posted earlier describes the way ACLs on management
functions will work, however I have added a post-script with some more
detail, including an explanation of what exactly a 'management
function' is. Additionally, I have updated the original proposal to
reflect the changes to the object type and operation combinations. I
am in the process of getting the wiki pages updated, but in the
meantime I have attached three text files to QPID-2476 and the
post-script and part of the conclusion are reproduced below:
{noformat}
ACL ALLOW kitten EXECUTE METHOD component="log" name="reload*"
ACL ALLOW kitten UPDATE METHOD component="log"
ACL ALLOW robot ACCESS METHOD component="log"
ACL ALLOW robot EXECUTE METHOD component="acl" name="reload*"
ACL DENY robot EXECUTE METHOD component="config" name="reload*"
ACL ALLOW robot EXECUTE METHOD component="config"
{noformat}
h2. Post Scriptum
The following points should clarify some of the proposed features,
however the syntax as described in the [#Conclusion] is intended to
represent the preferred usage.
In the C++ broker there exists a feature whereby plugins, uniquely
identified by a schema package and a class name, can have ACLs applied
to them. This will also become available in the Java broker, and would
be permissioned using the _OBJECT_ object type. This allows objects
that are external to the broker to be controlled. For the Java broker
it is intended that the main class for a plugin would check with the
security manager using the Java package and class names as properties,
as below.
{noformat}
ACL ALLOW kittens ACCESS OBJECT package="com.example.plugin" class="Example"
{noformat}
When management functions are being permissioned, a symbolic name for
a logical grouping of related methods, properties, attributes and
operations is used to identify what is being controlled. This is
identified using the _component_ property in the examples above. These
groupings will map onto JMX managed objects or MBeans, QMF management
schemas, or some other form of management object. It is intended that a
particular broker implementation handles these mappings internally and
ignores mappings that do not exist, such as logging management on the
C++ broker currently. It is also possible to offer finer grained
control by specifying the _name_ property for the ACL entry, thus
restricting the scope to a single method or property. It _may_ also be
possible to specify other properties that have meaning for a particular
broker implementation, thus maintaining backward compatibility. The
list of possible property names should be fixed as part of the
definition of the ACL file format.
Cheers,
Andrew.
--
-- andrew d kennedy ? edinburgh : +44 7941 197 134
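
An added example, not part of the original message or of Qpid's code: a minimal parser and evaluator for the METHOD rules quoted above, showing how a rule with a _name_ property narrows a component-wide rule. It assumes first-match-wins ordering, default deny when nothing matches, and glob-style matching of `*`, none of which the message states; `parse_acl`, `check` and the method names in the demo are hypothetical.

```python
import shlex
from fnmatch import fnmatchcase

# Constructed sample: the six METHOD rules quoted in the message above.
SAMPLE_ACL = '''\
ACL ALLOW kitten EXECUTE METHOD component="log" name="reload*"
ACL ALLOW kitten UPDATE METHOD component="log"
ACL ALLOW robot ACCESS METHOD component="log"
ACL ALLOW robot EXECUTE METHOD component="acl" name="reload*"
ACL DENY robot EXECUTE METHOD component="config" name="reload*"
ACL ALLOW robot EXECUTE METHOD component="config"
'''

def parse_acl(text):
    """Parse 'ACL <permission> <user> <operation> <object> key="value"...' lines."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)  # strips quotes, skips '#' comments
        if not tokens:
            continue
        well_formed = len(tokens) >= 5 and tokens[0].upper() == "ACL"
        if not well_formed or tokens[1].upper() not in ("ALLOW", "DENY"):
            raise ValueError(f"line {lineno}: malformed ACL entry")
        props = {}
        for tok in tokens[5:]:
            key, sep, value = tok.partition("=")
            if not sep or not key:
                raise ValueError(f"line {lineno}: bad property {tok!r}")
            props[key] = value
        rules.append((tokens[1].upper(), tokens[2], tokens[3].upper(), tokens[4].upper(), props))
    return rules

def check(rules, user, operation, obj, **request):
    """Return 'ALLOW' or 'DENY'; assumed semantics: first match wins, default deny."""
    for permission, rule_user, rule_op, rule_obj, props in rules:
        if (rule_user, rule_op, rule_obj) != (user, operation, obj):
            continue
        # Every property on the rule must match the request; a rule without
        # 'name' therefore covers every method of its component.
        if all(k in request and fnmatchcase(request[k], pat) for k, pat in props.items()):
            return permission
    return "DENY"

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_ACL)
    # Hypothetical method names, constructed for the demo.
    for name in ("reloadSecurityFile", "shutdown"):
        print(name, check(rules, "robot", "EXECUTE", "METHOD", component="config", name=name))
```

Under the first-match assumption the DENY line has to precede the broader ALLOW for the same component, as it does in the quoted rules; with the two lines swapped the DENY would never be reached.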