launchpad-dev team mailing list archive

Thread
Date

Re: using PermissiveSecurityPolicy when serving private xmlrpc requests

To: Launchpad Community Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: Julian Edwards <ed@xxxxxxxxxxxxxxxxxx>
Date: Mon, 1 Mar 2010 13:15:46 +0000
In-reply-to: <d06a5cd31003010429w7a250d8dwaa1477b549398d64@mail.gmail.com>
User-agent: KMail/1.12.2 (Linux/2.6.31-19-generic; KDE/4.3.2; x86_64; ; )

On Monday 01 March 2010 12:29:41 Jonathan Lange wrote:
> > It would look pretty much how I described it. We would keep our existing
> > web app security policy, and would have to define one or more "system"
> > users, as which the internal systems would authenticate. It's a bit
> > trickier here, since our web service API users don't have the same
> > freedom as our internal API users. For example, scripts can do things on
> > behalf of other users. When the link a branch, they can say which person
> > should be registered as linking the branch. I think we would have to
> > rework how the API works, in order for our internal systems to use it,
> > but maybe not.
> 
> Yeah, I have no idea on the best way to do the "on behalf of" thing.

We need something like sudo.

References

using PermissiveSecurityPolicy when serving private xmlrpc requests
From: Michael Hudson, 2010-02-23
Re: using PermissiveSecurityPolicy when serving private xmlrpc requests
From: Bjorn Tillenius, 2010-03-01
Re: using PermissiveSecurityPolicy when serving private xmlrpc requests
From: Jonathan Lange, 2010-03-01