[Freeipa-devel] URI in HBAC
Lukáš Hellebrandt
lhellebr at redhat.com
Mon Apr 25 12:48:25 UTC 2016
http://www.freeipa.org/page/V4/URI-based_HBAC
I have made some important changes to the design document of this
proposed feature. The difference is mainly changing regular expression
interpretation of URI to longest-prefix matching.
This change was done mainly because of upstream's reactions. I value any
further comments and particularly discussion about the two topics
mentioned at the end of the design page:
* For backwards compatibility, lack of URI in request means any URI is
matched (as described in the design document). Is it a good idea? Any
other solution?
* How about multiple URI's in one HBAC rule? Is it a good idea? How to
interpret combinations of host+scheme+port (one field) and URI paths
(another field) in that case?
--
Lukas Hellebrandt
Associate Quality Engineer
lhellebr at redhat.com
More information about the Freeipa-devel
mailing list