qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Qpid > Method Considered Harmful
Date Mon, 24 May 2010 10:36:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1810/9/21/_/styles/combined.css?spaceKey=qpid&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="http://cwiki.apache.org/confluence/display/qpid/Method+Considered+Harmful">Method
Considered Harmful</a></h2>
    <h4>Page  <b>added</b> by             <a href="http://cwiki.apache.org/confluence/display/~ritchiem">Martin
Ritchie</a>
    </h4>
         <br/>
    <div class="notificationGreySide">
         <p>A lot of the object types and operations used in the ACL file are shared
between the Java and C++ brokers and are non-contentious, since they represent actual objects
that exist in AMQP - broker, queue, exchange and so forth. What appears to be at issue is
how to permission extra funtionality in the broker, such as administration of user accounts
or logging levels The C++ broker's 'METHOD' object is one mechanism, and results in ACL lines
that specify a single method or set of methods that can be executed, and does not convey whether
these are reading, writing or have other side effects on the broker. An example is shoen below:</p>

<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>ACL ALLOW adk UPDATE METHOD name=getLoggingLevel
ACL ALLOW adk UPDATE METHOD name=setLoggingLevel
ACL ALLOW adk UPDATE METHOD name=reloadLoggingConfig
</pre>
</div></div>

<p>This seems to be at the wrong level of abstraction. Looking at this in a general
fashion, there are three things we wish to do to objects: get a property, set a property and
execute an operation. These can be mapped to READ, WRITE, EXECUTE or GET, SET, INVOKE, ACCESS,
UPDATE, ADMIN, and so on as operations. The next step would be to decide what the object type
is that is being manipulated. I would be happy for this to be one of the existing AMQP objects,
including BROKER, since this follows the existing pattern of permissions. Another point to
note is that existing mechanisms such as JMX already have the conceptual split into these
three types of action.</p>

<p>If we abandon the METHOD object in favour of existing object types, we still need
to be able to permission such items as users and logging, and I propose these are made part
of the broker object, with the possibility of adding other, vendor-specific extensions too.
This would result in ACL lines as shown below, which would grant permission to view attributes
of the logging subsystem, update those attributes and execute other administrative  actions.
Finally, if there is a management schema change and the names of methods used change, or new
methods and attributes are added, the ACL file does not have to be changed, since the permissions
relate to subsystems or extensions.</p>

<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>ACL ALLOW adk ACCESS BROKER extension=logging
ACL ALLOW adk UPDATE BROKER extension=logging
ACL ALLOW adk ADMIN BROKER extension=logging
</pre>
</div></div>
<p>or</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>ACL ALLOW adk ADMIN BROKER subsystem=acl
</pre>
</div></div>

<p>If we want to create an ACL file format that is usable across AMQP brokers, then
the use of 'extension=&lt;name&gt;' or 'subsystem=&lt;name&gt;' with a set
of pre-defined names, say 'logging', 'users', 'configuration', and a naming convention to
prevent clashes, such as 'x&#45;&lt;vendor&gt;&#45;&#42;' for vendor specific
implementations or just 'x&#45;&#42;' for experimental extensions/subsystems seems
appropriate.</p>

    </div>
    <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;">
            <a href="http://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
       </div>
       <a href="http://cwiki.apache.org/confluence/display/qpid/Method+Considered+Harmful">View
Online</a>
              |
       <a href="http://cwiki.apache.org/confluence/display/qpid/Method+Considered+Harmful?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
           </div>
</div>
</div>
</div>
</div>
</body>
</html>

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org


Mime
View raw message