Add: ACL requirements

author: Lars Wirzenius <liw@liw.fi> 2019-03-26 15:17:37 +0200
committer: Lars Wirzenius <liw@liw.fi> 2019-03-26 15:17:37 +0200
commit: 2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4 (patch)
tree: 015f3ccbdd0841c8c6b15e279c41770e6d97a3be
parent: 7c3120bd94de1a04a12a6f97305da7d10f8a02f3 (diff)
download: ick.liw.fi-2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/yuck.mdwn b/yuck.mdwn
index 08bf0ad..7f46226 100644
--- a/yuck.mdwn
+++ b/yuck.mdwn
@@ -170,6 +170,11 @@ reference in discussions.
   from brute-forcing a password by trying many times.
 * (TEMPLOCKNOTIFY) Yuck MUST notify an account owner of temporary
   locking, out of band.
+* (ACLSIMPLE) It must be easy to understand and reason about ACL
+  rules. It may be good aid this by visualising.
+* (ACLTRY) There must be a way to test ACL rules: if *this* user in
+  *these groups* does *this* operation for *this* resource, is it
+  allowed? This may require additional support from the RP.
 
 
 # Architecture: the ecosystem
author	Lars Wirzenius <liw@liw.fi>	2019-03-26 15:17:37 +0200
committer	Lars Wirzenius <liw@liw.fi>	2019-03-26 15:17:37 +0200
commit	2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4 (patch)
tree	015f3ccbdd0841c8c6b15e279c41770e6d97a3be
parent	7c3120bd94de1a04a12a6f97305da7d10f8a02f3 (diff)
download	ick.liw.fi-2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4.tar.gz