trust-store convolutes identity and authority
Bug #1495680 reported by
John Johansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Confirmed
|
Wishlist
|
Unassigned | ||
trust-store |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
Currently trust-store stores the identity I and delegates the authority A for a given P. This means the authority A and permission P can not be delegated or handled at the policy level. Meaning the trust store needs to:
- reprompt and and delegate for pseudo identities, which exist to identify a combined permission set
- has to reprompt and store for identities that have been delegated permission P without going through the trust store
- can not participate in policy decisions that were made/updated outside of the trust store
etc.
Changed in trust-store: | |
status: | New → Confirmed |
Changed in trust-store: | |
importance: | Undecided → Wishlist |
To post a comment you must log in.
I've added an AppArmor task as John mentioned that libapparmor does not have sufficient APIs in place for trust-store to use.