[jboss-jira] [JBoss JIRA] (AS7-4693) Implement Trust for users requesting to run as a different user.

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Sat Dec 8 08:10:17 EST 2012 

     [ https://issues.jboss.org/browse/AS7-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated AS7-4693:
----------------------------------

        Summary: Implement Trust for users requesting to run as a different user.  (was: Revisit authenticated user / authorized user split)
    Description: 
Where SASL is used for authentication users can request to authenticate as themselves but to be authorized to connect to the server as a different user.

A couple of examples where this could be used: -
 - A user granting access to another user to log into their account.
 - A user with two levels of access e.g. normal and admin and requesting they have admin level access.

Another area we are looking to use this feature is where one server connects to another server but want to be able to run requests on the remote server using the identity of a specified user.

This Jira issue is to enhance the security realms to allow for trust permissions to be defined - initially this will be local to a single realm but will subsequently be opened up to work across different realms.

  was:
When establishing a connection a remote user can specify the user they want to be authorized as which can be different to the user they authenticate as, e.g. a user with appropriate permissions may want to connect as an administrator or a user given access to someone elses account may want to connect as them.

We need to re-visit this including validation that they can connect as the user they are asking to.


    
> Implement Trust for users requesting to run as a different user.
> ----------------------------------------------------------------
>
>                 Key: AS7-4693
>                 URL: https://issues.jboss.org/browse/AS7-4693
>             Project: Application Server 7
>          Issue Type: Sub-task
>          Components: Remoting, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 7.2.0.Alpha1
>
>
> Where SASL is used for authentication users can request to authenticate as themselves but to be authorized to connect to the server as a different user.
> A couple of examples where this could be used: -
>  - A user granting access to another user to log into their account.
>  - A user with two levels of access e.g. normal and admin and requesting they have admin level access.
> Another area we are looking to use this feature is where one server connects to another server but want to be able to run requests on the remote server using the identity of a specified user.
> This Jira issue is to enhance the security realms to allow for trust permissions to be defined - initially this will be local to a single realm but will subsequently be opened up to work across different realms.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list