diff options
| author | Russ Allbery <rra@stanford.edu> | 2013-03-27 15:19:54 -0700 | 
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2013-03-27 15:19:54 -0700 | 
| commit | 5df16adc5024c56e3d733741919954308b4d498a (patch) | |
| tree | 5f042adaaa988478ca271f41f9b272ef5a1b45b5 /docs/notes | |
| parent | 431c3b56a52b9fe3135ab4339bada13ed49bda92 (diff) | |
| parent | 6871bae8e26beadaff5035de56b4f70a78961dc9 (diff) | |
Merge tag 'upstream/1.0' into debian
Upstream version 1.0
Diffstat (limited to 'docs/notes')
| -rw-r--r-- | docs/notes | 22 | 
1 files changed, 16 insertions, 6 deletions
| @@ -46,7 +46,7 @@ Server Issues    ACL Management -    Supported operations are:  get, store, create (possibly triggered by a +    Supported operations are: get, store, create (possibly triggered by a      get or store of something that didn't already exist), destroy, show,      and setting or clearing flags.  Each of these need a separate ACL      potentially.  Not sure if we're going to need separate ACLs for each @@ -62,10 +62,9 @@ Server Issues      that returns a default ACL given the object type and name if the      object doesn't already exist. -    Owner rights provides get, store, and show, but not destroy or setting -    or clearing flags (not destroy because it's too destructive and we -    don't want it done accidentally).  This can be overridden by more -    precise ACL settings.  So the ACL logic would go like this: +    Owner rights provides get, store, show, and destroy, but not setting +    or clearing flags.  This can be overridden by more precise ACL +    settings.  So the ACL logic would go like this:       * If the user is an administrator and the operation isn't get or         store, operation is permitted. @@ -74,7 +73,8 @@ Server Issues         that specific ACL, apply that ACL.       * If the object exists but with no specific ACL setting and the -       operation is one of get, store, or show, apply the owner ACL. +       operation is one of get, store, show, or destroy, apply the owner +       ACL.       * If the object doesn't exist and the action is get, store, or         create, punt to a local policy if it exists and see if it returns a @@ -226,3 +226,13 @@ Client Issues      There are other approaches, but the other approaches all require      changes to the server side as well, whereas this is self-contained in      the client and can be more easily dropped when we drop K4. + +License + +    Copyright 2006, 2007, 2008, 2013 +        The Board of Trustees of the Leland Stanford Junior University + +    Copying and distribution of this file, with or without modification, +    are permitted in any medium without royalty provided the copyright +    notice and this notice are preserved.  This file is offered as-is, +    without any warranty. | 
