Authorization in Wolframe has two levels. The first level is authorization based on connection info, for example whether a client is allowed or denied to connect from a certain IP address or network. Authorization based on connection info happens when the client connects to the server.
The second level is command authorization based on identity (user attributes, connection characteristics), which is done on execution of a function. Identity-based authorization can be defined for the access of resources. It is up to us to define the access control matrix.
The authorization based on connection info is implemented in the server configuration as IP restrictions (see chapter "IP restrictions").
Authorization
The aspect of authorization is configured in the subsection Authorization of the AAAA section in the server configuration.
The only working configuration is the default Authorization configuration with the setting to allow access to anybody authenticated that is not explicitly denied:
    AAAA
    {
        Authorization
        {
            Authorization
            {
                default allow
            }
        }
    }
Command execution authorization is not yet completely implemented. The idea is to have programs that map authorization function calls to Wolframe function calls. The language to describe these programs is not yet defined. The mechanism to map the authorize requests to the function calls already exists. Authorization based on command execution will be a subject of the next release.
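The two levels and the "default allow" semantics described above, modelled as an added example; this is not Wolframe code or configuration. The networks, user names, function names, the Policy and Identity types and the deny-before-allow ordering at the connection level are all assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data (documentation address ranges); not from Wolframe.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
DENIED_NETS = [ipaddress.ip_network("192.0.2.128/25")]

@dataclass
class Identity:
    user: str
    authenticated: bool

@dataclass
class Policy:
    default: str = "allow"  # mirrors the "default allow" setting
    # Hypothetical access control matrix: explicit (user, function) denials.
    denied: set = field(default_factory=set)

def connection_allowed(peer_ip: str) -> bool:
    """Level 1: decided on connect, from connection info only."""
    addr = ipaddress.ip_address(peer_ip)
    # Assumption: a matching deny entry wins over a matching allow entry.
    if any(addr in net for net in DENIED_NETS):
        return False
    return any(addr in net for net in ALLOWED_NETS)

def command_allowed(policy: Policy, ident: Identity, function: str) -> bool:
    """Level 2: decided on execution of a function, from the identity."""
    if not ident.authenticated:
        return False  # the default only applies to authenticated clients
    if (ident.user, function) in policy.denied:
        return False  # explicit denial overrides the default
    return policy.default == "allow"

def authorize(policy: Policy, peer_ip: str, ident: Identity, function: str) -> str:
    """Run both levels in order and report where a request was stopped."""
    if not connection_allowed(peer_ip):
        return "rejected at connect"
    if not command_allowed(policy, ident, function):
        return "rejected at execution"
    return "allowed"

if __name__ == "__main__":
    policy = Policy(denied={("bob", "deleteCustomer")})
    for ip, ident, fn in [
        ("192.0.2.10", Identity("alice", True), "deleteCustomer"),
        ("192.0.2.10", Identity("bob", True), "deleteCustomer"),
        ("192.0.2.200", Identity("alice", True), "listCustomers"),
    ]:
        print(ip, ident.user, fn, "->", authorize(policy, ip, ident, fn))
```

With a default of allow, a function added later is reachable by every authenticated user until a denial is listed for it.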
Copyright © 2014 - Project Wolframe - All Rights Reserved