ardek66
commented
2 years ago Titan token authentication has been replaced with a global authority file where upload will be authorised based on a list of authorized certificates.
Instead of zones in the configuration file, read and write authorisation could be configured directly in the respecive authority files of restricted zones
Continuation of the Titan authorisation discussed in #5. I'm making this issue to keep track of changes and proposed ideas.
The Titan password should ultimately be replaced with certificate(s), as they provide an improvment in both security and administration. I think a better way of configuration would be to have 2 zones for restricting access, one that would restrict both downloading and uploading files, and one that would restrict just uploading. This should be trivial to implement using the internal API.
As for per-user Titan access, an idea I have to is to implement optional authority files in the home directories, and if they exist, it would allow uploading over all the space of the user's public directory, and restrict it to the certificates defined in them.