(ITS#5555) authzTo ACL check for wrong principal
Full_Name: Andrew Findlay
Version: 2.4.10
OS: Linux: SuSE 10.2
URL:
Submission from: (NULL) (88.97.25.132)
When using "authz-policy to" I find that the entity that is trying to do an
operation on behalf of another entity needs read access to its own authzTo
attribute.
This seems wrong: authzTo is defining what the user may do: I do not really want
them to be able to see it. When doing a proxy authz I think ACLs for this
attribute should not be checked at all as the access is effectively being done
by the rootdn.
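
The narrowest ACL that fits the behaviour described in this report, as an added example (not part of the original submission and not taken from the OpenLDAP sources). It assumes a slapd.conf-style configuration; the DNs in the comments are constructed.

```conf
# Global section: proxy authorization rules are taken from the authzTo
# attribute in the entry of the identity that authenticated.
authz-policy to

# Database section, placed before any broader "access to *" rule,
# since slapd stops at the first <what> clause that matches.
# - self read : the read access the report says the binding identity needs
# - no write for self, so an account cannot extend its own proxy rights
# - everyone else gets nothing
access to attrs=authzTo
    by self read
    by * none

# Constructed entry that the rule above would protect:
#   dn: cn=webapp,ou=services,dc=example,dc=com
#   authzTo: dn.children:ou=people,dc=example,dc=com
```

With this rule only the rootdn, which bypasses ACLs, can modify authzTo values.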