OpenSocial / spec

OpenSocial Specification #social
http://opensocial.org/
Apache License 2.0

Make Security-policy a top level concept, not a feature #1283

Open mmarum-sugarcrm opened 11 years ago

mmarum-sugarcrm commented 11 years ago

Original author: jasn...@gmail.com (April 12, 2012 22:36:30)

SPECIFICATION BUGS ONLY - Description
=====================================
http://docs.opensocial.org/display/OSD/Security+Policy+should+not+be+a+Feature

Currently, there is a "security-policy" feature that is rather undefined in the core-gadget spec... several problems exist:

  1. It's not clear what the real difference is between <Optional feature="security-policy" /> and <Require feature="security-policy" />,
  2. It's not clear whether it's possible to have optional permissions vs. required permissions (e.g. these are the things I have to have in order to function, these are the things that would be nice), and
  3. There's no API to determine if any given permission has been granted or not (at least none that I can see).

Ideally, Permissions would be a top level concept like Features... so instead of using a feature, these should be a variant of the Require and Optional elements... e.g.

    <Module>
      <ModulePrefs>
        <Require feature="foo" />
        <Optional feature="bar"/>
        <Require permission="some.permission" />
        <Optional permission="some.other.permission" />
      </ModulePrefs>
    </Module>

Then, we should have a gadgets.util.hasPermission(...) method alongside the gadgets.util.hasFeature API.

Document affected:
==================
1.) Please attach a patch for the document if appropriate.
2.) Post a thread at http://groups.google.com/group/opensocial-and-gadgets-spec/topics linking to this issue report.
3.) Post a comment on this issue, linking back to the thread.

Original issue: http://code.google.com/p/opensocial-resources/issues/detail?id=1299
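
The proposal in the issue above, sketched as container-side logic that separates required from optional permissions and answers a `hasPermission`-style query. This is an added example, not part of the original issue or the OpenSocial spec; `parse_permissions`, `PermissionContext`, the deny-by-default grant rule and the sample grant sets are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed gadget spec using the element syntax proposed in this issue.
SAMPLE_SPEC = """<Module>
  <ModulePrefs>
    <Require feature="foo" />
    <Optional feature="bar" />
    <Require permission="some.permission" />
    <Optional permission="some.other.permission" />
  </ModulePrefs>
</Module>"""


def parse_permissions(spec_xml):
    """Return (required, optional) permission-name sets from ModulePrefs."""
    prefs = ET.fromstring(spec_xml).find("ModulePrefs")
    required, optional = set(), set()
    if prefs is None:
        return required, optional
    for el in prefs:
        name = el.get("permission")
        if name is None:
            continue  # feature declarations are out of scope here
        if el.get("feature") is not None:
            raise ValueError("element mixes feature= and permission=")
        if el.tag == "Require":
            required.add(name)
        elif el.tag == "Optional":
            optional.add(name)
    return required, optional


class PermissionContext:
    """Hypothetical container-side state backing a hasPermission() query."""

    def __init__(self, spec_xml, container_grants):
        required, optional = parse_permissions(spec_xml)
        # Deny by default: only declared permissions can ever be granted.
        self.granted = (required | optional) & set(container_grants)
        self.missing_required = required - self.granted

    def can_render(self):
        # A gadget whose required permissions are not all granted must not run.
        return not self.missing_required

    def has_permission(self, name):
        return name in self.granted
```

A permission the container offers but the gadget never declared is not granted, so the declaration in `ModulePrefs` stays the upper bound on what the gadget can hold.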