Add: expanded description of access control

author: Lars Wirzenius <liw@liw.fi> 2018-11-24 20:55:56 +0200
committer: Lars Wirzenius <liw@liw.fi> 2018-11-24 20:55:56 +0200
commit: 3ce2c8b2a997ca27d6b60830ac08d87c3087505f (patch)
tree: 3f43d8b89d07ddc76756288846ee6fac46ff40e2
parent: 006000ade8712a4866646fcc80613b1ae34a0e6a (diff)
download: muck-poc-3ce2c8b2a997ca27d6b60830ac08d87c3087505f.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/README b/README
index 3a9d79e..f470738 100644
--- a/README
+++ b/README
@@ -20,8 +20,12 @@ expected signing key is a key Muck configuration item. I use Qvisqve
 for my OpenID provider, but any provider should work.
 
 Access control is currently very simplistic, but will be improved
-later. The goal is to allow access to be specified per user, per
-resource, and per operation.
+later. Currently each resource is assigned an owner upon creation, and
+each user (subject) can access (see, update, delete) only their own
+resources. The goal is to allow access to be specified per user, per
+resource, and per operation (Tomjon can allow Verence to see a
+specific resource, but not update or delete). This will require the
+OpenID provider to support groups.
 
 Muck is currently a single-threaded Python program using the Bottle.py
 framework and its built-in HTTP server. The production version of Muck
author	Lars Wirzenius <liw@liw.fi>	2018-11-24 20:55:56 +0200
committer	Lars Wirzenius <liw@liw.fi>	2018-11-24 20:55:56 +0200
commit	3ce2c8b2a997ca27d6b60830ac08d87c3087505f (patch)
tree	3f43d8b89d07ddc76756288846ee6fac46ff40e2
parent	006000ade8712a4866646fcc80613b1ae34a0e6a (diff)
download	muck-poc-3ce2c8b2a997ca27d6b60830ac08d87c3087505f.tar.gz