[higgins-dev] AuthZ observation

Duane made this observation:


* If AuthZ allows us to express something like "UserX has OperationY access to ResourceZ", then we must disallow renames of entities.

** Otherwise, if the "UserX" or "ResourceZ" entities are renamed, we have a problem where the AuthZ is disconnected.

*** Worse, if UserX is removed, and another one added, they will be unwittingly granted access.


This is especially true if we allow the AuthZ to be managed by a layered CP, because the underlying Context might be directly accessed to perform a rename, leaving the upper "authZ CP" unaware of the fact that it has a disconnected authZ statement.
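
Added example, not part of the original message or of Higgins code: a Python sketch of the failure mode described above, in which a layered authZ CP keys its statements on entity names while the underlying Context is renamed directly. The `Context`, `NameKeyedAuthZ` and `IdKeyedAuthZ` classes are hypothetical, and the id-keyed variant assumes the Context exposes an identifier that survives renames and is never reused.

```python
import itertools

class Context:
    """Hypothetical underlying Context: mutable names, immutable ids (an assumption)."""
    _ids = itertools.count(1)
    def __init__(self):
        self.by_name = {}                      # entity name -> immutable id
    def add(self, name):
        self.by_name[name] = next(self._ids)
    def rename(self, old, new):
        self.by_name[new] = self.by_name.pop(old)
    def remove(self, name):
        del self.by_name[name]

class NameKeyedAuthZ:
    """Layered authZ CP storing (user name, operation, resource name)."""
    def __init__(self, ctx):
        self.ctx, self.grants = ctx, set()
    def grant(self, user, op, res):
        self.grants.add((user, op, res))
    def allowed(self, user, op, res):
        return (user, op, res) in self.grants

class IdKeyedAuthZ:
    """Same layer, but statements are bound to the Context's immutable ids."""
    def __init__(self, ctx):
        self.ctx, self.grants = ctx, set()
    def grant(self, user, op, res):
        self.grants.add((self.ctx.by_name[user], op, self.ctx.by_name[res]))
    def allowed(self, user, op, res):
        ids = self.ctx.by_name
        return user in ids and res in ids and (ids[user], op, ids[res]) in self.grants

def scenario(authz_cls):
    ctx = Context()
    ctx.add("UserX")
    ctx.add("ResourceZ")
    authz = authz_cls(ctx)
    authz.grant("UserX", "OperationY", "ResourceZ")
    # The underlying Context is accessed directly; the authZ layer is not told.
    ctx.rename("UserX", "UserW")
    renamed_keeps_access = authz.allowed("UserW", "OperationY", "ResourceZ")
    ctx.remove("UserW")
    ctx.add("UserX")                           # a different entity reuses the name
    newcomer_gets_access = authz.allowed("UserX", "OperationY", "ResourceZ")
    return renamed_keeps_access, newcomer_gets_access

if __name__ == "__main__":
    print("name-keyed:", scenario(NameKeyedAuthZ))
    print("id-keyed:  ", scenario(IdKeyedAuthZ))
```

With name-keyed statements the renamed user loses access and the newcomer inherits it; with id-keyed statements the grant follows the original entity and the reused name matches nothing.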

