Exclude security-group apps from authentication prompts #363

James-Mart · 2023-03-28T18:17:37Z

Front-end should respect security groups.

For operations:

Whenever one applet calls an operation on another applet, the receiver knows the sender and is therefore able to choose whether or not to ask the user for permission, or to simply allow it. Security groups can in this way be easily enforced.

For actions:

When one applet calls an action on another applet's service, then common-sys can determine if the external service is part of the same security group. If so, then there is no need to ask the user for permission.

James-Mart · 2024-06-17T23:22:30Z

Actually, with plugin infra, the "security group" is just part of the implementation of the plugin function. The plugin can allow, disallow, or require user confirmation on the sharing of any private user data.

James-Mart added this to the R1 milestone Jul 10, 2023

James-Mart self-assigned this Jul 14, 2023

James-Mart modified the milestones: R1, R2 Jul 17, 2023

James-Mart added the Plugin Infra Related to the infrastructure used by front-end app or plugin developers label Aug 29, 2023

James-Mart closed this as not planned Won't fix, can't repro, duplicate, stale Jun 17, 2024

James-Mart removed this from the R2 milestone Sep 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Exclude security-group apps from authentication prompts #363

Exclude security-group apps from authentication prompts #363

James-Mart commented Mar 28, 2023

James-Mart commented Jun 17, 2024

Exclude security-group apps from authentication prompts #363

Exclude security-group apps from authentication prompts #363

Comments

James-Mart commented Mar 28, 2023

James-Mart commented Jun 17, 2024