a message header flag for interactive authentication?

Lennart Poettering mzqohf at 0pointer.de
Tue Aug 26 12:22:24 PDT 2014


On Tue, 26.08.14 12:02, Thiago Macieira (thiago at kde.org) wrote:

> 
> On Tuesday 26 August 2014 20:46:58 Lennart Poettering wrote:
> > I am not convinced really that we should make this that complicated. I
> > mean, maybe one day, when the flags param is fully used, we can add an
> > extended flags field, to add more bits...
> > 
> > Also, and more importantly, to me this really isn't an arbitrary user
> > extension (for which adding a generic dictionary to the header might
> > make sense), but so close to how we use dbus, that it deserves a flag in
> > the header...
> 
> I disagree. This is definitely user metadata.
> 
> I don't oppose hardcoding this specific user metadata, but let's not kid 
> ourselves. This opens a precedent for anyone who wants to transmit metadata 
> and we won't be able to pass judgement on whether their idea is good or not.

Well the way I see it is that pretty much everybody who uses dbus needs
an authentication framework, that fills in where dbus built-in policy is
not enough. Any real-life application needs something like this, dbus is
simply not that useful without it. Pretty much all our system daemons in
the general stack that use dbus actually hook into polkit, due to that...

So, in my opinion polkit should probably never have been considered
distinct from dbus, it should not have been a project of its own i guess,
it should probably have been named "dbus authentication" instead...

Hence, given that this is how it is, I am pretty sure this is not just
arbitrary use metadata, but very close to how dbus is used in almost all
of the cases, and hence deserves the header flag... 

Lennart

-- 
Lennart Poettering, Red Hat


More information about the dbus mailing list