[aerogear-dev] [Unified Push Server] Roles structure & password management
Corinne Krych
corinnekrych at gmail.com
Thu Oct 17 10:21:35 EDT 2013
Do you mean fine-grained ACL?
On Oct 17, 2013, at 4:17 PM, Sebastien Blanc <scm.blanc at gmail.com> wrote:
> Well, yes now that you said that :) Security based on Grouping.
>
>
> On Thu, Oct 17, 2013 at 4:15 PM, Matthias Wessendorf <matzew at apache.org> wrote:
> you mean grouping ?
>
>
> On Thu, Oct 17, 2013 at 4:13 PM, Sebastien Blanc <scm.blanc at gmail.com> wrote:
>
>
>
> On Thu, Oct 17, 2013 at 3:44 PM, Matthias Wessendorf <matzew at apache.org> wrote:
> any corp. org. may want some with just read-only access;
> The project lead is allowed to update the keys etc, but all the /normal/ developers can just see the IDs/secrets (so that they can use it in their server apps).
>
> This is also an interesting point, at some point don't we want the "read" rights limited to a single/set of pushapps or even a level deeper based on variants ?
> Maybe in a big company, Bob the slacker intern has read access for his supracool push app but also has access to the Public Relation Push App keys ...
>
>
>
> I guess that's not really (at least for me) closely related to a 'test via admin ui' feature
>
> -M
>
>
> On Thu, Oct 17, 2013 at 3:39 PM, Corinne Krych <corinnekrych at gmail.com> wrote:
> Not sure about the role: user.
>
> What will be the use case for this one?
> One use case, I see is if the 'user' is a tester. If we had the feature to send push notification test via admin UI (as we discussed in [1] and [2]).
>
> ++
> Corinne
> [1] http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Push-Server-Admin-UI-td2678.html#a2718
> [2] https://issues.jboss.org/browse/AGPUSH-38
>
> On Oct 17, 2013, at 3:09 PM, Matthias Wessendorf <matzew at apache.org> wrote:
>
> >
> >
> >
> > On Thu, Oct 17, 2013 at 2:54 PM, Sebastien Blanc <scm.blanc at gmail.com> wrote:
> >
> >
> >
> > On Thu, Oct 17, 2013 at 2:35 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
> >
> > On Oct 15, 2013, at 11:14 AM, Sebastien Blanc <scm.blanc at gmail.com> wrote:
> >
> >> So for the next Unified Push Release (0.9) it would be nice if we could have some decent User Management, so I'm bumping this thread again.
> >> Some existing pointer :
> >>
> >> - this thread :)
> >> - https://issues.jboss.org/browse/AGPUSH-351
> >> - https://gist.github.com/sebastienblanc/6547605
> >>
> >> First point to define is :
> >> - What roles do we want ? And what can these Roles do ?
> >
> > Admin - Can do all things including creating other users
> > Developer - can create apps and such. no access to the user management UI
> > User - read only - not sure if this one is needed
> > Yes, not sure also but why not ? Could be useful for a monitoring app/RHQ plugin that just want to retrieve the list of active pushapps ...
> >
> >
> > +1 - I like these three different roles, including their rights
> >
> >
> >
> >
> >> - How can these Roles be created (granted ...)
> >> - Design
> >
> > I think we are still waiting on Hylke for this? not sure
> >
> >>
> >> Seb
> >>
> >>
> >>
> >> On Tue, Sep 17, 2013 at 2:07 PM, Matthias Wessendorf <matzew at apache.org> wrote:
> >>
> >>
> >>
> >> On Tue, Sep 17, 2013 at 2:04 PM, Apostolos Emmanouilidis <aemmanou at redhat.com> wrote:
> >> Following the discussion on GitHub [1], here are some points to be
> >> discussed about the user management flow:
> >>
> >> - Does it make sense to add a role select field (admin, developer) on
> >> the enrollment page?
> >>
> >> hrm, and (perhaps later) a section where to define the roles ? I think it's a good point, but not sure we need all this 'now' :-)
> >>
> >> - Should we add an additional password field (password confirmation) on
> >> the enrollment page?
> >>
> >> yeah, would be nice
> >>
> >> - I think that the current logged in user shouldn't be available for
> >> deletion
> >>
> >> yep, I agree
> >>
> >> [1]:
> >> https://github.com/aerogear/aerogear-unifiedpush-server-admin-ui/pull/6
> >>
> >>
> >>
> >> On Fri, 2013-09-13 at 10:15 +0200, Sebastien Blanc wrote:
> >> > A Jira has been created https://issues.jboss.org/browse/AGPUSH-351
> >> > And draft structure has been created
> >> > here https://gist.github.com/sebastienblanc/6547605 that can be used
> >> > as base for the Pull Request.
> >> >
> >> >
> >> > On Fri, Sep 13, 2013 at 5:53 AM, Douglas Campos <qmx at qmx.me> wrote:
> >> > On Thu, Sep 12, 2013 at 09:39:28AM -0300, Bruno Oliveira
> >> > wrote:
> >> > > Would be nice to have a 8 hands document on it
> >> >
> >> >
> >> > who's going to start the pull request on it? it's SPECTIME!
> >> >
> >> > --
> >> > qmx
> >> > _______________________________________________
> >> > aerogear-dev mailing list
> >> > aerogear-dev at lists.jboss.org
> >> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > aerogear-dev mailing list
> >> > aerogear-dev at lists.jboss.org
> >> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >>
> >>
> >> --
> >> Matthias Wessendorf
> >>
> >> blog: http://matthiaswessendorf.wordpress.com/
> >> sessions: http://www.slideshare.net/mwessendorf
> >> twitter: http://twitter.com/mwessendorf
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list