grouper-users - Re: [grouper-users] discussion topic: default read/view privileges
Subject: Grouper Users - Open Discussion List
List archive
- From: Nate Klingenstein <>
- To: Chris Hyzer <>
- Cc: "" <>
- Subject: Re: [grouper-users] discussion topic: default read/view privileges
- Date: Sat, 22 Jun 2013 03:48:03 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport04.merit.edu; dkim=neutral (message not signed) header.i=none
The Shibboleth project has traditionally leaned towards secure defaults,
particularly for the identity provider. This was largely because we didn't
want to get publicly blamed for any breaches related to misconfiguration --
or at least to have a strong defense in the event it's happened.
There are a couple notable exceptions to this rule(e.g. SP not shipping with
cookies that are flagged secure) and we've tried to add WARNs to the logs in
those cases because we won't change defaults in a point release.
In my opinion the stricter default policies have served us well, especially
as our deployment base has grown.
I'd vote for changing this in the next major release, and until then,
documenting steps a deployer can take if security and privacy are concerns.
On Jun 22, 2013, at 3:36 , Chris Hyzer wrote:
> Anyways, what are the thoughts? Should this aspect of Grouper default to
> help security, or reusability (i.e. its easier to use/reuse groups if you
> can see and read them), or a hybrid (pick and choose folders)?
- [grouper-users] discussion topic: default read/view privileges, Chris Hyzer, 06/21/2013
- Re: [grouper-users] discussion topic: default read/view privileges, Nate Klingenstein, 06/21/2013
- Re: [grouper-users] discussion topic: default read/view privileges, Michael R. Gettes, 06/24/2013
- RE: [grouper-users] discussion topic: default read/view privileges, Gagné Sébastien, 06/25/2013
Archive powered by MHonArc 2.6.16.