[rabbitmq-discuss] Access control documentation
Ben Hood
0x6e6562 at gmail.com
Fri Sep 19 12:53:14 BST 2008
On Wed, Sep 17, 2008 at 8:19 AM, Ben Hood <0x6e6562 at gmail.com> wrote:
>> Am not bagging RabbitMQ here, as what it sounds like, it's just that
>> the other implementers didn't quite get it.. But it just seems like a
>> big loss to lose realms from the spec.
This thread has sparked off an internal disucussion about what is the
best thing to do with realms and tickets given that
1. They were going to be deleted from the spec;
2. We already had a lot of functionality that could have used
othogonally to the protocol.
Whilst we did already have a lot of code that implemented ACLs in a
way that second guessed the intentions of the original spec, this code
wasn't necessarily totally correct.
Furthermore, the intentions of realms and their subsequent
implementation was also not necessarily conceptually sound.
Hence the decision to remove realms completely seems like the correct
way to go in the short term, because, as much as anything, it
simplifies the server codebase.
However, this does not necessarily mean the book on security
administration in Rabbit is closed, just this particular chapter.
If anybody in the community feels that there is a significant value
add in providing more refined security mechanisms (e.g. using ACLs,
capabilities or something else), then let the discussion begin.
Due to my priorities, I'm not going to lead this discussion, or write
any code for it in the short term, but feel free to use this list as a
forum.
Ben
More information about the rabbitmq-discuss
mailing list