[Freeipa-devel] URI in HBAC - design page
Fraser Tweedale
ftweedal at redhat.com
Thu Mar 24 01:39:17 UTC 2016
On Wed, Mar 23, 2016 at 11:54:55AM -0400, Rob Crittenden wrote:
> Lukáš Hellebrandt wrote:
> >I created a design page for the feature:
> >
> >http://www.freeipa.org/page/URI-based-HBAC-design
> >
> >
>
> Can you make the ticket reference a link?
>
> Is it expected that a full URI will be used, including protocol? Your early
> examples are http://path/to/somewhere and later you just use
> /path/to/somewhere. Will protocol be allowed? I ask because it can be
> problematic because users would have to consider and remember http vs https,
> for example.
>
> What happens if ftp, for example, added HBAC support and wanted to utilize
> this but wanted different access control by protocol?
>
> I think case sensitivity might be pretty important too, though might be best
> left as an exercise for the user.
>
> I'm not sure what you mean by the CLI section. It seems like you are just
> adding in a uri option so I'd be explicit. Showing possible usage would be
> handy too.
>
> What kind of regex validation can be done, if any?
>
> rob
>
Further to Rob's points, what about including the method being used
(HTTP GET/POST/PUT/PATCH)? In a RESTful world this seems like an
important aspect to include.
How deep does this rabbit-hole go? :)
Cheers,
Fraser
More information about the Freeipa-devel
mailing list