[#AAA-59] Allow applications to register themselves for additional AuthZ operations

[AAA-59] Allow applications to register themselves for additional AuthZ operations Created: 19/Aug/15 Updated: 21/Mar/19
Status:	Confirmed
Project:	aaa
Component/s:	General
Affects Version/s:	None
Fix Version/s:	None

Type:

Improvement

Reporter:

Ajay L

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

Operating System: All
Platform: All

Description

AAA AuthZ should allow other components to register callbacks for providing authorization decisions on requests made.

Comments

Comment by Ryan Goulding [ 25/Aug/15 ]

I will attempt to clarify this.

AuthZ decisions are currently made based on URL/Role/DOM operation. This is hard coded and the real use case that AAA AuthZ attempts to support (RBAC).

What Ajay is asking for is essentially a hook into the AuthZ engine to allow the AuthZ decision to be made using different criteria.

For transparency, in a conversation with Ajay offline we discussed two different approaches to support such behavior:
1) Provide callback hooks in the AuthZ engine and an interface to make more advanced AuthZ decisions.
2) Extending the DomDataBroker or AuthzDomDataBroker. I would suggest extending the latter, since then you can invoke super methods to make basic AuthZ decisions.

The idea is to allow other groups/projects/individuals the capability to "gate" DOM transactions based on their own criteria.

Comment by Ryan Goulding [ 18/Dec/15 ]

This will be added to the list of Boron priorities. This is a new feature request, and could be considered during the next release if resources are available.

Generated at Wed Feb 07 19:08:31 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.

[AAA-59] Allow applications to register themselves for additional AuthZ operations Created: 19/Aug/15 Updated: 21/Mar/19