Em 10-11-2010 09:12, Simon Busch escreveu:
Take a look at this: http://moblin.org/projects/policy-based-access-control
I would prefer this way of doing authentication for the application. So
the fsopimd has to ask policykit for authentication of the client
against fsopimd. If it is not authentication policykit notifies this to
our fsosecurityd daemon which provides an interface for the user to
manage all the authentications in a FSO way but interacts with
policykitd in the end.
It is important to make a point that it shouldn't be an "all or nothing"
authorization method, when fsopolicyd asks the user to grant permission
to an application to do a set of things, the user should be able to
discretely allow some and forbid others.
Eg: my wife has an Android phone, and I have absolutely no idea why the
HELL does she have to allow the Google Maps application to access her
contact list, alongside with the GPS.
I mean... I know why they might want to do that (locating in the map
your contact's addresses, for instance, not to say other shady stuff),
but if I don't want to do that, why can't I just say GPS is ok, but stay
the hell off my contacts list :)
When Google Maps tries to get the contact list, it should receive
something as E_PERM_DENIED or whatever and just deal with it.
Rui
_______________________________________________
Shr-devel mailing list
[email protected]
http://lists.shr-project.org/mailman/listinfo/shr-devel
