[rabbitmq-discuss] Fwd: Access control documentation

Ben Hood 0x6e6562 at gmail.com
Mon Sep 29 18:24:05 BST 2008


On Mon, Sep 29, 2008 at 8:26 AM, Anthony <anthony-rabbitmq at hogan.id.au> wrote:

> After Ben suggested that some discussion was perhaps warranted on this
> task, I went away and spoke to my colleagues about our experiences and
> such. I wrote up the following and ran it past them.. Yes, I approach
> this very much from the perspective of someone who doesn't code
> regularly, but is often the one installing/configuring/maintaining
> stuff based upon supplied requirements. This isn't intended to belt
> anyone over the head or kick up a stink, but to demonstrate there are
> some real world needs for finer grained ACLs. Hopefully this inspires some
> thought/commentary on what an ACL system might include.

I think there is a lot of merit in the use cases you have described in
this mail.

Please understand that realms were not discarded because people didn't
want fine grained ACLs per se, just that they not particularly well
specified and hence very difficult to implement properly.

Certainly we would *like* to have some more fine grained AC that what
we currenly have. Something capability based would probably be nicer
than plain jane ACLs, but this would be subject to requirements and
design. In plain English, this could potentially go into the roadmap
at some stage.

If you would like to improve the chances of doing this, you could
start a community based initiative which would entail documenting use
cases and identifying potential solutions, eventually cutting some

Otherwise you're going to have to be very persuasive to get this
bumped up the list of priorities :-)

Does anybody else have any views on access control?



More information about the rabbitmq-discuss mailing list