HALd: a few steps toward JDS
Michael Krivoruchko
misha at sun.com
Wed Sep 21 18:12:47 PDT 2005
Hi David,

David Zeuthen wrote:
> On Wed, 2005-09-14 at 23:33 +0100, Michael Krivoruchko wrote:
>> Hi David and All,
>>
>> There are a few people at Sun working on HALd with the intention to utilize
>> functionality provided by the daemon in the next release of JDS. One of the
>> requirements for JDS is support of a multiuser environment. The goal of the
>> architecture proposed in the document linked below is to improve granularity
>> of access rights management in order to let a mortal user manage devices
>> he/she owns.
>>
>> http://blogs.sun.com/roller/resources/misha/hald_arch.html
>
> An interesting read.

Thanks.

>> The document is a sketch of the proposed architecture, but I hope it is good
>> enough to be used as a starting point for discussion.
>
> So, I read through the document and I *think* that I can guess what
> user experience you are after. I have a few comments about the technical
> stuff but is it possible you can expand the document with examples of
> concrete user experiences and examples of required UI to make this work?
> I think it then will become much easier to discuss the technical
> details.
>
I have updated the 'Use Case' part of the document. The following are a few
more thoughts on the Roles and Users scenarios.

Roles
-----
Role contexts provide access to devices assigned to a system configuration
specific group. For example, some network devices could be assigned to
a group 'netadm'. A system configuration specific callout program adds the
property 'info.scope' with value 'role:netadm' to a new device with gid
'netadm'. The device then "goes" to a role context created for the 'netadm'
role. During system start-up, the '/org/freedesktop/Hal/Manager/netadm' object
is created and the D-Bus configuration allows a few users (or any user with gid
'netadm') to access this object.

For a user who should be able to access the 'netadm' object, an environment
variable used by the libhal context is set to
'/org/freedesktop/Hal/Manager/netadm'. As a result, this user will be able to
"see" all devices assigned to the 'netadm' role context.

It should be possible to write a multi-purpose callout program which would
replace the system configuration specific callout mentioned above with
a system configuration specific configuration file. This would simplify the
implementation of this scenario.

Users
-----
This scenario is for software and hardware thin clients with user owned devices
like Xegl or SunRay. There were a few discussions on the HAL mailing list
relevant to support of devices owned by an individual user on multi-user
systems:

http://lists.freedesktop.org/archives/hal/2005-July/002714.html
http://lists.freedesktop.org/archives/hal/2005-August/002941.html

I believe the expected user experience is pretty obvious - a user on a thin
client should see just the devices the user owns.

I hope the above answers your question. Please let me know what else should be
clarified.

Thanks,
Misha
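
An added illustration of the 'Roles' scenario and the configuration-file-driven callout described in the message above; it is not part of the original post and is not HAL code. The config format, the function names, the sample devices, and the rule that a role is reachable by members of the group of the same name are assumptions made for this example.

```python
import re

MANAGER_ROOT = "/org/freedesktop/Hal/Manager"
# D-Bus object path elements may contain only [A-Za-z0-9_], so a role
# name taken from configuration is validated before it becomes a path.
PATH_ELEMENT = re.compile(r"[A-Za-z0-9_]+")

# Constructed sample config (hypothetical format): "<device gid> = <role>"
SAMPLE_CONFIG = """\
# gid      role
netadm   = netadm
printadm = printadm
evil     = ../root
"""

# Constructed sample devices: UDI -> gid of the device node.
SAMPLE_DEVICES = {
    "/org/freedesktop/Hal/devices/net_eth0": "netadm",
    "/org/freedesktop/Hal/devices/printer_lp0": "printadm",
    "/org/freedesktop/Hal/devices/storage_sda": "disk",
}

def parse_role_map(text):
    """Return {gid: role}, dropping roles unusable as a path element."""
    roles = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        gid, _, role = (part.strip() for part in line.partition("="))
        if gid and PATH_ELEMENT.fullmatch(role):
            roles[gid] = role
    return roles

def scope_for(device_gid, roles):
    """Value the callout would set as 'info.scope'; None if unmapped."""
    role = roles.get(device_gid)
    return f"role:{role}" if role else None

def manager_path(scope):
    """Role context object that exposes devices carrying this scope."""
    return f"{MANAGER_ROOT}/{scope.split(':', 1)[1]}"

def visible_devices(user_groups, devices, roles):
    """Group devices by the role context a user in user_groups may open."""
    seen = {}
    for udi, gid in devices.items():
        scope = scope_for(gid, roles)
        if scope and scope.split(":", 1)[1] in user_groups:
            seen.setdefault(manager_path(scope), []).append(udi)
    return seen
```

A device whose gid has no valid mapping gets no role scope at all, so it never appears in a role context by accident.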