* Benji Weber <b.weber@warwick.ac.uk> [Oct 08. 2007 23:17]:
- The system administrator could allow certain modules to be run without a root password.
Again good, as long as you can restrict granted privileges to actions rather than applications, which I believe policykit will allow. There's also apparmor possibility as you mention later.
AppArmor focuses on file access protection based on the uid of the calling process. So its doesn't really support 'role based' access control.
- The actual programs doing the actions would be forced to be separated from the UI code (a good design anyway), with something like the system message bus (D-Bus) as the middle man.
Another very good thing. Although it would be a good idea to consider the use case of managing a system remotely. It should be possible to manage a remote suse machine using a YaST frontend locally for example, this could enable making changes on multiple machines at once etc.
Agreed. However we will probably restrict our own efforts to 1:1 remote management and leave 1:many management to other parts of the company (namely the SRM business unit). One of the development goals is certainly to break the backend ('Model'; scr, libstorage, libzypp, etc.), control layer ('Controller', ycp/perl code) and user interface ('View') into separate, loosely coupled entities and foster a 3-tier (Model-View-Controller) architecture.
Klaus was working on ws-management interface to YaST (see http://idea.opensuse.org/content/ideas/yast-as-a-webservice) which it might be worth looking at. I believe it is functional to some extent, and might be exposable over dbus as well as http as it's soap.
SOAP as a local communication protocol (e.g. over dbus) is too heavyweight. The nice thing about Ws-Management is its standardization and ease of integration into existing (ws-man based) management environments. Enabling remote management targets enterprise requirements and we should follow existing standards there. In detail this means - CIM (resp. WS-CIM == CIM over WS-Man) for the Model - Controller communication (low level functionality) - WS-Man (e.g. YaST as a webservice) for the Controller - Presentation Layer communication (high level functionality) - HTTP / HTML for the Presentation Layer - User Interface communication (dialogs) This will comply to existing standards, fit enterprise requirements and would also deliver on the interoperability promise. Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org