comprehensive-access-control

Registered by Adam Young

Rather than asking for piecemeal extensions to the current RBAC model, such as the addition of groups, domains, scoping etc., we first need a model of the access control system that we want to implement (eventually). Without a comprehensive access control model we will simply end up patching bits of spaghetti onto the existing system until we end up with an unspecified model and/or a system that no-one really understands, which will lead to access control "holes" through which attackers can easily penetrate (and which might be difficult to fix). So I would call first and foremost for a comprehensive access control model to be documented in a blueprint before any further "enhancements" are made to the code base, regardless of the perceived urgency of each enhancement. It is critically important for a security system that people (especially administrators) can understand it, so that they can manage it effectively. The more bolt-ons and add-ons that are made without a clear description of what the overall model is, the more difficult it will be for administrators to correctly administer.

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: Superseded
Series goal: None
Implementation: Unknown
Milestone target: None
Completed by: Dolph Mathews

Whiteboard

"we first need a model of the access control system that we want to implement" so, the goal of this blueprint is to produce another blueprint? after further reading, the answer is yes. just create THAT bp! ;)
