[db-wg] call for application authorisation ideas

Hi job

On 21/08/2015 02:32, Job Snijders wrote:
> On Fri, Aug 21, 2015 at 01:58:46AM +0200, denis wrote:
>> When it was suggested to hide the password hash I thought that was a
>> mistake. We should have hidden the whole MNTNER object from public
>> view. Why does anyone outside of my organisation need to see anything
>> in my MNTNER object? Why should you know if I use a password or PGP or
>> whatever? This is my business not yours.
>
> This seems to play into another thread, where someone had trouble
> retrieving the proper value of some "auth:" lines. It would be worth
> exploring how we can hide all "auth:" lines yet make them easily
> accessible to the owner.

Bear in mind that I have spent years thinking about some of these issues 
from many angles :) Sometimes a simple, quick fix is considered to be 
the appropriate course of action. I guess that is why we hid the 
password hashes. But in the end that proved to be not simple. Sometimes 
it is worth taking a step back and looking at a wider picture.

If you hide anything there has to be some method for the right people to 
see what is hidden. Once you start trying to hide significant parts of 
an object it may be easier to hide the whole object. And there can be 
additional benefits in that. Notifications are part of the security 
system within the database. Just as with the security tokens, there is 
no justifiable reason why the public should have any knowledge of who 
gets notified within my organisation when data is changed or some 
attempt is made.

If the whole MNTNER object is hidden it can be shown to authenticated 
users by an update with a pseudo attribute. Just as with a "dryrun:", if 
we have another pseudo attribute "show:" then instead of doing an update 
the full, current object is returned if the authorisation is valid. This 
will work with any of the authorisation tokens in the object.

cheers
denis

>
> Kind regards,
>
> Job
>