trust-store convolutes identity and authority
Bug #1495680 reported by
John Johansen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Confirmed
|
Wishlist
|
Unassigned | ||
| trust-store |
Confirmed
|
Wishlist
|
Unassigned | ||
Bug Description
Currently trust-store stores the identity I and delegates the authority A for a given P. This means the authority A and permission P can not be delegated or handled at the policy level. Meaning the trust store needs to:
- reprompt and and delegate for pseudo identities, which exist to identify a combined permission set
- has to reprompt and store for identities that have been delegated permission P without going through the trust store
- can not participate in policy decisions that were made/updated outside of the trust store
etc.
| Changed in trust-store: | |
| status: | New → Confirmed |
| Changed in trust-store: | |
| importance: | Undecided → Wishlist |
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #1 |
| Changed in apparmor: | |
| status: | New → Confirmed |
| importance: | Undecided → Wishlist |
To post a comment you must log in.
I've added an AppArmor task as John mentioned that libapparmor does not have sufficient APIs in place for trust-store to use.