[db-wg] Personalised authorisation
- Previous message (by thread): [db-wg] Personalised authorisation
- Next message (by thread): [db-wg] Publishing Deleted Objects - Legal Analysis
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sascha Luck [ml]
dbwg at c4inet.net
Fri Jun 19 16:19:04 CEST 2015
On Thu, Jun 18, 2015 at 03:38:17PM +0200, Tim Bruijnzeels wrote: >No, our idea was that the "auth:" attributes referencing persons >would be filtered for unauthorised users. Just like we filter >SSO emails and MD5 hashes today. >Only *authorised* users would be able to see this, i.e. a user >who is logged into web updates and who is authorised for this >maintainer (i.e. has their SSO on this maintainer, or on a >person object authorised for this maintainer). >Similarly we would filter "auth:" attributes for person objects, >unless the user looking at this is authorised. Typically that >would be a user looking at their own credentials. Thanks, Tim, for this clarification. Certainly something I can live with. rgds, Sascha Luck
- Previous message (by thread): [db-wg] Personalised authorisation
- Next message (by thread): [db-wg] Publishing Deleted Objects - Legal Analysis
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]