author | José Bollo <jose.bollo@iot.bzh> | 2016-10-11 17:07:16 +0200 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2017-01-26 21:40:08 +0100 |
commit | 1d4de11a907e41c06063a2cd5028dc4101690f50 (patch) | |
tree | 69af98bbe6512cdbcab33267574c131f85ffd597 /docs/permissions.md | |
parent | bfc9c138b1a9e87f9d387e2f900c14807c9da9b9 (diff) |
Prepare the Integration with systemd
This is an intermediate commit providing
basic functionalities for setting up
integration of the framework with systemd.
- file afm-unit.conf is a mustache template
- translation of config.xml to json object
- mustache (extended) application of the json to the template
- post processing of the result for extracting unit files
This processing is currently available as a test
(and a tool) and will be integrated after more
development, test and validation.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'docs/permissions.md')
-rw-r--r-- | docs/permissions.md | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/docs/permissions.md b/docs/permissions.md new file mode 100644 index 0000000..300a719 --- /dev/null +++ b/docs/permissions.md 
@@ -0,0 +1,61 @@ +The permissions +=============== + + +Permission's names +------------------ + +The proposal here is to specify a naming scheme for permissions +that allows the system to be as stateless as possible. The current +current specification includes in the naming of permissions either +the name of the bound binding when existing and the level of the +permission itself. Doing this, there is no real need for the +framework to keep updated a database of installed permissions. + +The permission names are [URN][URN] of the form: + + urn:AGL:permission:<binding>:<level>:<hierarchical-name> + +where "AGL" is the NID (the namespace identifier) dedicated to +AGL (note: a RFC should be produced to standardize this name space). + +The permission names are made of NSS (the namespace specific string) +starting with "permission:" and followed by colon separated +fields. The 2 first fields are <binding> and <level> and the remaining +fields are gouped to form the <hierarchical-name>. + + <binding> ::= [ <pname> ] + + <pname> ::= 1*<pchars> + + <pchars> ::= <upper> | <lower> | <number> | <extra> + + <extra> ::= "-" | "." | "_" | "@" + +The field <binding> can be made of any valid character for NSS except +the characters colon and star (:*). This field designate the binding +providing the permission. It is use to deduce binding requirements +from permission requirements. The field <binding> can be the empty +string when the permission is defined by the AGL system itself. +The field <binding> if starting with the character "@" represents +a transversal permission not bound to any binding. + + <level> ::= 1*<lower> + +The field <level> is made only of letters in lower case. +The field <level> can only take some predefined values: +"system", "platform", "partner", "tiers", "owner", "public". + + <hierarchical-name> ::= <pname> 0*(":" <pname>) + +The field <hierarchical-name> is made <pname> separated by +colons. 
The names at left are hierarchically grouping the +names at right. This hierarchical behaviour is intended to +be used to request permissions using hierarchical grouping. + +Permission's level +------------------ + + +[URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax" + |
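Review bot: The grammar and the prose for <binding> disagree. The production `<binding> ::= [ <pname> ]` limits the field to letters, digits and "-", ".", "_", "@", while the paragraph right after it says the field "can be made of any valid character for NSS except the characters colon and star". The stated goal is that the framework need not keep a database of installed permissions, so the name syntax is the only thing a checker has to go on, and two implementations following different halves of this text would accept different names. Pick one rule and state it once. The same <pname> production also allows "@" anywhere, including inside <hierarchical-name>, although only a leading "@" in <binding> is given a meaning; say whether it is permitted elsewhere. <level> is declared as `1*<lower>` but the text restricts it to six fixed values, so the production could enumerate them directly, and the "Permission's level" section that should explain those values is added empty. Wording: "The current +current specification" repeats a word, "either the name of the bound binding ... and the level" should read "both ... and", "gouped" should be "grouped", and "It is use" should be "It is used".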