Hi,

I would like to extend the methods of the User/Group Lookup API[1] with an optional argument "onBehalfOf" that carries the authenticated user who made the initial method call. The argument must only be set by a privileged client.

When a client makes a lookup request to the multiplexer, the multiplexer authenticates the client using SO_PEERCRED. In each subsequent call to other services, it sets the authenticated user in the onBehalfOf argument to the method call.

Services must only honour the argument if the connecting client was identified as a privileged client, i.e. it would receive the "privileged" section of the User or Group Record. In all other cases, they must ignore the argument and use SO_PEERCRED themselves to determine the client user.

The concrete use case for this is to allow a service to take more fine-grained control of the data it returns, e.g. it strips location or realName from the record if an unprivileged user makes a query, or chooses a user-bound OAuth token to make calls to a Web API in response to the request.

What do others think of this?

Cheers,
Nik

[1] https://systemd.io/USER_GROUP_API/
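The rule proposed in the message above, sketched on the service side as an added example (not part of the original e-mail and not systemd code). It assumes onBehalfOf carries a numeric UID and that "privileged" means a UID in a service-defined allowlist; `effective_uid`, `filter_record`, `PRIVILEGED_UIDS` and the sample record are hypothetical names and constructed data.

```python
import socket
import struct

# Assumption: which peers count as privileged is service policy. Here it is
# root only; a real service might add the multiplexer's own service UID.
PRIVILEGED_UIDS = frozenset({0})

# Constructed sample record using field names from the User Record format.
SAMPLE_RECORD = {"userName": "alice", "uid": 1000, "realName": "Alice Example",
                 "location": "Berlin", "privileged": {"hashedPassword": ["$y$..."]}}


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer on a connected AF_UNIX socket (Linux)."""
    fmt = "iII"  # struct ucred: pid_t, uid_t, gid_t
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)


def effective_uid(peer_uid, params, privileged_uids=PRIVILEGED_UIDS):
    """Pick the UID the reply is tailored to.

    onBehalfOf is honoured only when the connecting peer is privileged;
    otherwise it is ignored and the kernel-reported peer UID is used.
    """
    claimed = params.get("onBehalfOf")
    if peer_uid not in privileged_uids or claimed is None:
        return peer_uid
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(claimed, bool) or not isinstance(claimed, int) or claimed < 0:
        raise ValueError("onBehalfOf must be a non-negative integer UID")
    return claimed


def filter_record(record, caller_uid, privileged_uids=PRIVILEGED_UIDS):
    """Strip fields an unprivileged caller should not see (constructed policy)."""
    if caller_uid in privileged_uids or caller_uid == record.get("uid"):
        return dict(record)
    hidden = ("realName", "location", "privileged")
    return {k: v for k, v in record.items() if k not in hidden}


def handle_lookup(conn, params, record):
    """Answer one lookup: authenticate the peer, then apply onBehalfOf."""
    _pid, peer_uid, _gid = peer_credentials(conn)
    return filter_record(record, effective_uid(peer_uid, params))
```

The privilege check runs before onBehalfOf is parsed, so a malformed value sent by an unprivileged peer is ignored rather than reported back to it.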