Re: new web app urls discussion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Mon, 23 Jan 2012 09:59:08 -0500
"Adam M. Dutko" <dutko.adam@xxxxxxxxx> wrote:

> Why can we not forward everything through a filter? For instance:

well, thats hard for people to remember and tell to others. ;) 

> where render is a rewrite to a method that determines which host a
> particular project resides on. This approach would scale and seems to
> fit the requirements. In terms of making it "easy for users" we would
> still have to come to a consensus on whether to use
> or Either way these
> could then be mapped "internally" through our proxy/webserver of
> choice to the proper rendering method + option(s).

Well, we already do this with our proxy setup, but we want to usually
keep the url constant so it doesn't confuse people. Also, we need to be
carefull with the csrf stuff, and the domains for sharing cookies. 

> I imagine this solution might cause a problem with SSO and cookies so
> it might be a non-starter unless we are able to migrate to more of a
> unified RBAC model where someone authenticates to our "root" domain
> but then access to other applications is granted per site. Such an
> approach might also help cleanup the authentication, authorization and
> accounting (AAA) issues new applications sometimes experience by
> enabling us to write a "clean authentication module" developers can
> import to make their application "Fedora Project AAA Compliant." A big
> task indeed but it might help with NIHS for new applications.
> Maybe I didn't think this through? thoughts, suggestions,
> explicatives? :-)

Yeah, I don't know that I like this for the cookie and readability
reasons, but thanks for the ideas. ;) 


Attachment: signature.asc
Description: PGP signature

infrastructure mailing list

[Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux