Object ACLs support
Registered by
David Hadas
Evaluate what (if any) can be offered as Object ACLs on top of the container ACLs
Thoughts coming up from the summit:
1. Check Container ACLs first, if ok, and if object ACLs exists, also check object ACLs
2. Consider implications of checking Object ACLs at the Object Server (using auth middleware at the object server)
Note this means that each object server checks the ACLs individually and that we check later in the game.
Consider offering read ACLs but without write ACLs, to avoid cases in which object server are unaligned leading to undefined states.
3. Consider alternative to 2, checking the ACLs at the proxy after the call have been made - this works for GET but not for modify (DELETE/PUT/POST).
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- David Hadas
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
(?)
