stanbol-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür <r...@apache.org>
Subject Re: It's not security, but rather multi-user vs. single-user Stanbol
Date Mon, 08 Apr 2013 13:10:32 GMT
Hi Bertrand

It's not just about about multi-user. Even we would say that we want
Stanbol only to be a stateless single-user engine we might still care about
handling java security correctly in case we want to support our modules
being integrated in other applications. So the issue would not just about
doping authentication but also to significantly reduce reusability of the
Stanbol components.

Take for example a logging system. Typically a library that provides no
support for multiple-user. Yet such a library has to care about not
requiring any unexpected permission on logging.

Cheers,
Reto

On Mon, Apr 8, 2013 at 12:11 PM, Bertrand Delacretaz <bdelacretaz@apache.org
> wrote:

> Hi,
>
> I'm trying to understand the disconnect that we're seeing in the
> security discussions...isn't that more about the following two modes
> of using Stanbol?
>
> Single user Stanbol:
> A stateless engine that's accessed by trusted systems, which are
> supposed to handle security and access control by themselves
>
> Multi-user Stanbol:
> An engine that's accessed by non-trusted users and might store their
> data, so needs security features, user management, etc.
>
> Agreeing on these two usage modes might help us have more constructive
> discussions, IMO, about features that multi-user requires but
> single-user doesn't even want to see.
>
> -Bertrand
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message