Object ACLs support

Registered by David Hadas on 2013-04-17

Evaluate what (if any) can be offered as Object ACLs on top of the container ACLs
Thoughts coming up from the summit:
1. Check Container ACLs first, if ok, and if object ACLs exists, also check object ACLs

2. Consider implications of checking Object ACLs at the Object Server (using auth middleware at the object server)
     Note this means that each object server checks the ACLs individually and that we check later in the game.
     Consider offering read ACLs but without write ACLs, to avoid cases in which object server are unaligned leading to undefined states.

3. Consider alternative to 2, checking the ACLs at the proxy after the call have been made - this works for GET but not for modify (DELETE/PUT/POST).

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
David Hadas
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.