4.5. Authorization

Authorization in Wolframe has two levels. The first level is authorization based on connection info, e.g. is a client allowed/denied to connect from a certain ip or network. Connection info based authorization happens on connect to the server.

The second level is command authorization based on identity (user attributes, connection characteristics) that is done on execution of a function. Identity based authorization can can be defined for the access of resources. It's is up to us to define the access control matrix

4.5.1. Authorization based on connection info

The authorization based on connection info is implemented in the server configuration as IP restrictions (see chapter "IP restrictions").

4.5.2. Authorization based on identity

Authorization The aspect of authorization is configured in the subsection Authorization of the AAAA section in the server configuration. The only working configuration is the default Authorization configuration with the setting to allow access to anybody authenticated that is not explicitely denied:

        Authorization {
            default allow

4.5.3. Command execution authorization

Development status

The command execution authorization is not implemented yet completely. The idea is to have programs that map authorization function calls to Wolframe function calls. The language to describe these programs is not yet defined. The mechanism to map the authorize requests to the function calls already exists. Authorization based on command execution will be a subject of the next release.