From 1d4de11a907e41c06063a2cd5028dc4101690f50 Mon Sep 17 00:00:00 2001
From: José Bollo
Date: Tue, 11 Oct 2016 17:07:16 +0200
Subject: Prepare the Integration with systemd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is an intermediate commit providing basic functionalities
for setting up integration of the framework with systemd.

- file afm-unit.conf is a mustache template
- translation of config.xml to json object
- mustache (extended) application of the json to the template
- post processing of the result for extracting unit files

This processing is currently available as a test (and a tool)
and will be integrated after more development, test and validation.

Signed-off-by: José Bollo
---
 docs/permissions.md | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 docs/permissions.md

(limited to 'docs/permissions.md')

diff --git a/docs/permissions.md b/docs/permissions.md new file mode 100644 index 0000000..300a719 --- /dev/null +++ b/docs/permissions.md
@@ -0,0 +1,61 @@ +The permissions +=============== + + +Permission's names +------------------ + +The proposal here is to specify a naming scheme for permissions +that allows the system to be as stateless as possible. The current +current specification includes in the naming of permissions either +the name of the bound binding when existing and the level of the +permission itself. Doing this, there is no real need for the +framework to keep updated a database of installed permissions. + +The permission names are [URN][URN] of the form: + + urn:AGL:permission::: + +where "AGL" is the NID (the namespace identifier) dedicated to +AGL (note: a RFC should be produced to standardize this name space). + +The permission names are made of NSS (the namespace specific string) +starting with "permission:" and followed by colon separated +fields. The 2 first fields are and and the remaining +fields are gouped to form the . + + ::= [ ] + + ::= 1* + + ::= | | | + + ::= "-" | "." | "_" | "@" + +The field can be made of any valid character for NSS except +the characters colon and star (:*). This field designate the binding +providing the permission. It is use to deduce binding requirements +from permission requirements. The field can be the empty +string when the permission is defined by the AGL system itself. +The field if starting with the character "@" represents +a transversal permission not bound to any binding. + + ::= 1* + +The field is made only of letters in lower case. +The field can only take some predefined values: +"system", "platform", "partner", "tiers", "owner", "public". + + ::= 0*(":" ) + +The field is made separated by +colons. The names at left are hierarchically grouping the +names at right. This hierarchical behaviour is intended to +be used to request permissions using hierarchical grouping. + +Permission's level +------------------ + + +[URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax" + -- cgit 1.2.3-korg
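Review bot: The "Permission's level" heading at the end of the new file has no body, yet the level field is limited to six predefined values ("system", "platform", "partner", "tiers", "owner", "public") whose meaning and ordering are never stated. Because the level is encoded in the name precisely so that the framework keeps no database of installed permissions, the document should define each level and say who may be granted it. In the hierarchical-name paragraph, "The names at left are hierarchically grouping the names at right" does not say how a request for a group is matched against a concrete permission name, and the star character is excluded from the binding field without any explanation of its role. Please spell out the matching rule, since an ambiguous rule here decides whether a grouped request over-grants. Smaller points: "current" is repeated across the line break in the first paragraph, "gouped" should be "grouped", and "It is use to deduce" should be "It is used to deduce".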