http://www.freeipa.org/page/V4/URI-based_HBAC
I have made some important changes to the design document of this proposed feature. The difference is mainly changing regular expression interpretation of URI to longest-prefix matching. This change was done mainly because of upstream's reactions. I value any further comments and particularly discussion about the two topics mentioned at the end of the design page: * For backwards compatibility, lack of URI in request means any URI is matched (as described in the design document). Is it a good idea? Any other solution? * How about multiple URI's in one HBAC rule? Is it a good idea? How to interpret combinations of host+scheme+port (one field) and URI paths (another field) in that case? -- Lukas Hellebrandt Associate Quality Engineer lhell...@redhat.com -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code