[Mailman-Developers] PyCon 2009 sprint: Webinterface

Patrick Ben Koetter p at state-of-mind.de
Tue Mar 24 07:44:18 CET 2009 

* Barry Warsaw <barry at list.org>:
>> How do we do it? Do I get write access to Mailman wiki?
>
> You should have write access just by virtue of having an account on the 
> wiki.  There are only a few pages that aren't generally writable by every 
> logged in user.  If you're having a problem with a specific page, let me 
> know.

I'll give it a try later.


>> We've thought about different client technologies too. That's the  client
>> technology part I wrote about in the wiki.
>>
>> Which we didn't discuss was fully authenticated access for the REST  server
>> by design. If I understand this correctly than any party that is able to
>> communicate with the REST server will have full admin access to  Mailman's
>> data model. In other words: It's upon any REST client to protect the REST
>> server from abuse.
>
> That's basically correct.
>
>> I feel a little uneasy not having the server control that itself  unless we
>> find a good way to control who may connect to the server or the server is
>> able to identify valid clients by some client identity (ACL).
>
> It depends on whether we view the REST API as a user feature or an admin
> interface.  I've always thought about it as the latter, but I'm open to 

It's probably both, depending on the users role.

> other opinions.  OTOH, I think there's a lot of functionality that a 
> privileged process could need, that the general public won't need at all. 

That's what I think, too.

>  Another way to think about it is that there doesn't need to be just one 
> REST API.

Yes and I think this would make maintaining code, setting the whole system up
and configuring it more complicated.

Currently one REST server that uses a role model to determine access level to
MM's data model seems the best approach to me. I am open to suggestions.


>>> What this means though is that when you deploy Mailman's REST  interface,
>>> you must take care to protect it.  You wouldn't want to expose it to the
>>> internet for example.  You'd want to make sure that its interface is

Exposing it to the internet is a typical use case in my eyes e.g. run the
server on the internet, but control it from a different host. I can see
mailman providers offering access to their MM server to customers who
integrate their client on their servers - on the internet.

>>> accessibly on via your data center, or via localhost if you were  running
>>> a turnkey standalone system.
>>
>> I was thinking of TLS client/server authentication for open networks.  Not
>> that I have spent time yet to find out if Python (REST) tools provide such
>> functionality - I am sure it does, but given my low Python experience, I'd
>> rather verify...
>
> I'm not sure about this either.

We should check. Client/server communication will send/receive personal data
that IMHO should always be protected during transport regardless of the REST
data access control model we choose.

p at rick

-- 
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

http://www.state-of-mind.de

Franziskanerstraße 15      Telefon +49 89 45227227
81669 München              Telefax +49 89 45227226

Amtsgericht München        Partnerschaftsregister PR 563

More information about the Mailman-Developers mailing list