Guard access to security domains

[darranl]

Also related to this is how we handle trust from security domain to security domain.

[darranl]

Conversation re this issue: -

Darran Lofthouse
17:30
@DavidMLloyd a while back I raised an issue in the subsystem to guard access to the security domains #117 - now I am starting to think if we did decide to support some protection then really that is something handle within MSC - i.e. permissions checks before injecting / accessing the value of the service. Which would mean even if we don't support anything like that now I can forget about it from the perspective of the subsystem.
Link
17:30
Guard access to security domains · Issue #117 · wildfly-security/elytron-subsystem
Also related to this is how we handle trust from security domain to security domain.
David M. Lloyd
17:41
I think security domains are fairly safe to access
all the operations which might be sensitive are protected by perm checks
David M. Lloyd
17:42
hmm maybe not, I see mapName is exposed
David M. Lloyd
17:43
well we could either firm up access checks for users of security domains, or we could create a protected Supplier
David M. Lloyd
17:47
I don't think MSC can handle it generically; it would add overhead, and also maybe be incorrect because of the relative nature of service names
Darran Lofthouse
17:54
Problem is we also end up with the realms possibly also needing some protection
switching to Supplier however makes it easier for us to add a permissions check
David M. Lloyd
17:55
yeah we could do that for various things pretty easily
Darran Lofthouse
17:55
I will keep that issue open for a bit then so we will think about it in terms of Elytron if we don't think something generic is suitable