[PATCH] dbus-spec: introduce new PERMIT_INTERACTIVE_AUTHENTICATION

David Herrmann dh.herrmann at gmail.com
Thu Sep 4 04:28:19 PDT 2014


Hi

On Thu, Sep 4, 2014 at 4:02 AM, Thiago Macieira <thiago at kde.org> wrote:
> On Thursday 04 September 2014 02:01:43 Lennart Poettering wrote:
>> Well, we have an immediate need now for the auth interactive flag, and
>> auth is something that happens for a large number of methods as simple
>> part of the operation. That's why dbus has policy already built in,
>> and why polkit exists, to make it easy to do auth for methods offered
>> via the bus.
>>
>> This is different for something like your suggested "save-dialog"
>> flag, because that is a very specific thing, showing save dialogs via
>> bus method calls is not a common property of all method calls, it's a
>> very exceptional one.
>
> Those are just two cases that came to mind looking at how KDE does things
> *today*. So it's not exceptional, it's real and current.
>
> I save downloads more often than I need polkit authentication.

It's not about quantity of calls, but how many methods are affected by this.

If interactivity is part of an operation that is done by a method call,
it is totally acceptable to add a method-argument that selects
interactivity. This is unlike authorization, which is part of the
transmission layer (is the source allowed to perform that operation?),
not part of the actual operation. Authorization needs to be done for
*all* method calls (standard dbus policies). This flag extends this by
optional interactive authentication. I don't see how this has anything
to do with an interactivity-flag for the actually performed operation.

>> I mean, if such an entirely generic interactivity flag makes sense one
>> day, we can add that too, but for now, let's focus on what we really
>> need right now, where we have existing usecases.
>
> I'm simply extending the use-case to other, very similar problems. It doesn't
> seem to me that this problem is of authentication, but of lengthy user
> interaction.

If we make this flag generic, there is no way to disable
interactive-auth but enable an interactive operation. Maybe you want a
"save download" dialog, but without any interactive authentication.

Thanks
David

