diff options
author | Lars Wirzenius <liw@liw.fi> | 2019-03-26 15:17:37 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2019-03-26 15:17:37 +0200 |
commit | 2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4 (patch) | |
tree | 015f3ccbdd0841c8c6b15e279c41770e6d97a3be | |
parent | 7c3120bd94de1a04a12a6f97305da7d10f8a02f3 (diff) | |
download | ick.liw.fi-2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4.tar.gz |
Add: ACL requirements
-rw-r--r-- | yuck.mdwn | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -170,6 +170,11 @@ reference in discussions. from brute-forcing a password by trying many times. * (TEMPLOCKNOTIFY) Yuck MUST notify an account owner of temporary locking, out of band. +* (ACLSIMPLE) It must be easy to understand and reason about ACL + rules. It may be good aid this by visualising. +* (ACLTRY) There must be a way to test ACL rules: if *this* user in + *these groups* does *this* operation for *this* resource, is it + allowed? This may require additional support from the RP. # Architecture: the ecosystem |