summaryrefslogtreecommitdiffstats
path: root/redback-rbac/TODO
blob: 345aa2a9b1845d2cc9ee34b07ab84da71c5fefac (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

* allow resources and role names of be sourced from different items for dynamic roles
* wrap user assignment logic as well to make using rbac that much easier
* expand scope of role profiles to include more rbac utility, perhaps catching some of the runtime exceptions that can come out of the rbac manager (until maybe we go back and make them checked)
* change sourcing mechanism of profiles, they are just too convoluted the way this turned out
* fix merging of roles to make more sense, axe merging all together and use role hierarchy
* make changing role names easy
* rethink dynmaic role profiles, they introduce too much confusion in the inheritance model



Perhaps:

* leverage the rbac model to source
* provide tooling to click through role/perm/op/resource generation for an app
* automate graph generation of whole rbac structure
* provide debug mode for webapps and log all authn/authz requests for page generation and render in debug output (in jsp?)
* easy configuration to turn role assignablity on and off
* easy to indicate roles need to be checked for existence by an app, like continuum with dynamic roles for each project and then archiva with repositories
* try to avoid composition over inheritance, its a touch confusing not to mention makes plexus-maven-plugin cry
* get rid of the database requirement all together, if we are doing role precalculation we should be able to swizzle the hierarchy in and out of xml when we need it and then we don't need to mess with the database at all, just need to understand the editting of the file and the internal relationships better
* User Assignments should not be a part of the rbac store or whatever we do there, they should be a seperate fooManager, that can be either stored on the User object/store kinda like acegi, or anywhere else keyed off of the username.