[Mailman-Developers] Authorization System in Core

Barry Warsaw barry at list.org
Sun May 22 18:54:29 EDT 2016


On May 22, 2016, at 12:54 AM, Simon Hanna wrote:

>While in theory it would be possible to enforce permissions in core about who
>is allowed to call specific rest calls, this would require a lot of
>changes. I'm not sure we want to go this way.

I've resisted this for a long time, and I may continue to do so :).

I definitely consider the current REST API a privileged, administrative API
for integrating known, trusted components.  It should never be published on
any public IP address.  This isn't going to change.

A while back, Andrew Stuart wrote an authenticating proxy server he called
"mailmania"[1] which does exactly as Simon proposes above.  It authenticates
users and maps their roles to allowed REST calls.  It could be exposed on a
public IP and used to script the core.

I'd like to either promote mailmania to an official subproject, or fork it,
clean it up, and offer something much like it, either as a subproject (likely
at first) or as an optional component of the core.  Andrew has donated this to
the FSF so we can use what we want, but I think he doesn't have time these
days to develop it.  I'd like to come up with a better name :).

Anyway, that's the direction I think such a permission system should go in.

Cheers,
-Barry

[1] https://gitlab.com/astuart/mailmania
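
The role-to-REST-call mapping described in the message above, sketched as a default-deny check an authenticating proxy could run before forwarding a request to core. This is an added example, not code from mailmania or Mailman: the policy table, the role names, the `is_allowed` helper and the route shapes (modelled on core's `/3.0/lists/<list-id>/...` layout) are assumptions, and the sample list ids are constructed.

```python
import re

# Assumed route prefix, modelled on core's /3.0/lists/<list-id> layout.
LIST = r"/3\.0/lists/(?P<list_id>[a-z0-9._-]+)"

# Hypothetical policy: (method, path pattern, roles that may make the call).
# Roles are scoped to the list named in the path, never global.
POLICY = [
    ("GET",    LIST,                {"owner", "moderator", "member"}),
    ("GET",    LIST + r"/held",     {"owner", "moderator"}),
    ("POST",   LIST + r"/held/\d+", {"owner", "moderator"}),
    ("PATCH",  LIST + r"/config",   {"owner"}),
    ("DELETE", LIST,                {"owner"}),
]
RULES = [(method, re.compile(pattern), roles) for method, pattern, roles in POLICY]


def is_allowed(roles_by_list, method, path):
    """Return True only when an explicit rule grants this call.

    roles_by_list maps a list id to the set of roles the authenticated
    user holds on that list. Anything without a matching rule is denied,
    so new core endpoints stay unreachable until someone adds a rule.
    """
    # Refuse paths the backend could interpret differently from this
    # matcher (encoded bytes, empty or dot segments, query strings)
    # instead of trying to normalise them.
    if "%" in path or "//" in path or "?" in path:
        return False
    if any(segment in (".", "..") for segment in path.split("/")):
        return False

    for rule_method, pattern, allowed_roles in RULES:
        match = pattern.fullmatch(path)
        if rule_method == method and match:
            held = roles_by_list.get(match.group("list_id"), set())
            return bool(held & allowed_roles)
    return False  # default deny


if __name__ == "__main__":
    # Constructed sample user: moderator of one list only.
    alice = {"dev.example.org": {"moderator"}}
    for method, path in [
        ("GET", "/3.0/lists/dev.example.org/held"),
        ("PATCH", "/3.0/lists/dev.example.org/config"),
        ("GET", "/3.0/lists/other.example.org/held"),
        ("GET", "/3.0/users"),
    ]:
        print(method, path, "->", is_allowed(alice, method, path))
```

The proxy, not core, is the only enforcement point in this arrangement, so core's REST port still has to stay bound to a non-public address.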

