Date:      Fri, 06 Feb 1998 11:12:08 +1030
From:      Mike Smith <mike@smith.net.au>
To:        Colman Reilly <careilly@monoid.cs.tcd.ie>
Cc:        Richard Wackerbarth <rkw@dataplex.net>, config@FreeBSD.ORG, mike@smith.net.au
Subject:   Re: WebAdmin 
Message-ID:  <199802060042.LAA01683@dingo.cdrom.com>
In-Reply-To: Your message of "Wed, 04 Feb 1998 22:18:52 -0000." <199802042218.WAA18923@monoid.cs.tcd.ie> 

> [Is anyone except me, Richard and Mike getting this?]

I think so.  But most of them are dead-set on hitting everything with 
their own particular hammer.  8(

> Actually, the problem here is probably a requirements mismatch. I don't
> believe that the configuration/system management task can be simply reduced
> to reading/writing parameters. The objects being managed are generally more
> complex than that, and we need to keep as much of the target specific stuff
> right at the back end of the system. 

This is a very salient observation.  Richard and I have both tried (but, 
I think, failed) to make the point that there are *two* things living in 
the backend; the configuration _data_, and the _procedures_ that 
consume that data to perform configuration.

In Richard's case, he wants to know all the procedures in advance and 
bury them in a table-based lookup.  From my point of view, it'd be 
easier to codify them in a procedural language-of-choice for the module 
designer, but either way you look at it, it is the combination of the 
two that's important.

> From the point of access control it is nice to have available the operations
> like append, restart, create which express the meaning of the transaction in
> order to make it easier to write (say) ACLs. Would you rather write
> 	deny "write" on ".hub.controls.reset" to richard
> or
> 	deny "hub reset" to richard 

IMHO this is a task for a consumer to achieve.  A consumer is either 
trusted or not trusted.  A trusted consumer is expected to exercise 
discretion, which may involve ACLs, etc.  Bearing in mind that it is 
the *consumer* that actually knows what the logical operations are.

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\ 
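
An added illustration, not part of the message above or of any FreeBSD code: a consumer that maps logical operations onto backend parameter writes and applies the operation-level rule from the quoted text before anything reaches the backend. All class, function and operation-table names, the user "colman" and the default-allow policy are assumptions made for the sketch.

```python
# Added illustration; all class, function and user names are hypothetical.
class Backend:
    """Holds configuration data; understands only parameter writes."""
    def __init__(self):
        self.params = {".hub.controls.reset": 0, ".hub.ports.3.enable": 1}

    def write(self, path, value):
        self.params[path] = value

# The two rule styles from the quoted message (deny rules, default allow).
PARAM_ACL = {("write", ".hub.controls.reset", "richard")}
OP_ACL = {("hub reset", "richard")}

# Only the consumer knows which writes make up a logical operation.
OPERATIONS = {
    "hub reset": [(".hub.controls.reset", 1)],
    "port 3 disable": [(".hub.ports.3.enable", 0)],
}

def op_allowed(user, op):
    """Operation-level check: one rule names the whole transaction."""
    return (op, user) not in OP_ACL

def params_allowed(user, op):
    """Parameter-level check: every write behind the operation must pass."""
    return all(("write", path, user) not in PARAM_ACL
               for path, _ in OPERATIONS[op])

class Consumer:
    """Trusted consumer: applies the ACL, then drives the backend."""
    def __init__(self, backend):
        self.backend = backend

    def perform(self, user, op):
        if op not in OPERATIONS:
            raise KeyError(f"unknown operation: {op}")
        if not op_allowed(user, op):
            return False  # refused before any write reaches the backend
        for path, value in OPERATIONS[op]:
            self.backend.write(path, value)
        return True

if __name__ == "__main__":
    c = Consumer(Backend())
    print(c.perform("richard", "hub reset"), c.backend.params)
    print(c.perform("richard", "port 3 disable"), c.backend.params)
    print(c.perform("colman", "hub reset"), c.backend.params)
```

The parameter-level check needs the OPERATIONS table to reach the same decision, which is why the check sits in the consumer rather than in the backend.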




