qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DISPATCH-1388) Authorization doc fails to describe vhost abstraction clearly
Date Thu, 18 Jul 2019 15:57:00 GMT
Chuck Rolke created DISPATCH-1388:

             Summary: Authorization doc fails to describe vhost abstraction clearly
                 Key: DISPATCH-1388
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1388
             Project: Qpid Dispatch
          Issue Type: Improvement
          Components: Documentation
    Affects Versions: 1.8.0
            Reporter: Chuck Rolke
            Assignee: Chuck Rolke

Security documentation misses an important point when describing policy and how policy is
effected by vhost settings: Access policy is applied at the point of ingress to a router network.
Once access is granted to a resource then all resources with that name anywhere in the network
are accessible.

Access restrictions are specified in a policy vhost object. The vhost contains the restrictions
that get applied to a connection when the connection is established. Reading the doc it sounds
as if there are vhost objects that may contain addresses somewhere in the router. That conceptual
model is the issue in the doc that needs to be fixed.

Methods for Specifying Vhost Policy Source and Target Addresses is a good example. In the
table the first item is titled _Allow all users in the user group to access all source or
target addresses on the vhost_ . In reality the addresses are not _on the vhost but are in
the router network_.

Throughout the document the text "on a vhost" could be changed to "through a vhost" or "specified
by a vhost", or could be removed entirely. 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message