You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by GitBox <gi...@apache.org> on 2022/11/15 08:16:40 UTC
[GitHub] [james-project] chibenwa commented on a diff in pull request #1310: [ADR] 64. Account Delegation
chibenwa commented on code in PR #1310:
URL: https://github.com/apache/james-project/pull/1310#discussion_r1022455826
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
Review Comment:
Please states that this relates to https://github.com/apache/james-project/blob/master/src/adr/0061-delegation.md
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
Review Comment:
There's no vice-versa
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
Review Comment:
This feature is useful for VIP (who have secretaries), admins, etc...
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
+## Decision
+
+Based on DelegationStore API, provide the jmap interface (jmap rfc-8621) for the user.
+
+- Provide JMAP methods:
+ - Delegate/get: list accountIds can the user access
Review Comment:
- Delegate/get: list accountIds can the user access (his account as well as accounts delegated to him)
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
+## Decision
+
+Based on DelegationStore API, provide the jmap interface (jmap rfc-8621) for the user.
+
+- Provide JMAP methods:
+ - Delegate/get: list accountIds can the user access
+ - Delegate/set (create/delete):
+ + Delegate my account to other people (please note that only the owner of the account should be able to interact with the delegation settings)
Review Comment:
Move (please note that only the owner of the account should be able to interact with the delegation settings) on the line above.
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
+## Decision
+
+Based on DelegationStore API, provide the jmap interface (jmap rfc-8621) for the user.
+
+- Provide JMAP methods:
+ - Delegate/get: list accountIds can the user access
+ - Delegate/set (create/delete):
+ + Delegate my account to other people (please note that only the owner of the account should be able to interact with the delegation settings)
+ + Revoke delegation of my account on another person's account (revoke a right given to me)
+ + Revoke delegation of another people's account on my account (revoke a right given to others)
+
+- Delegation on JMAP endpoints (API, eventsource, websocket, download, uploads, etc.. all of them). Use of accountIds of delegated accounts
+
+## Consequences
+
+## Alternatives
+
+- If you only want to share a mailbox, you can set rights in the `Mailbox/set` method
Review Comment:
-> Remove
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
Review Comment:
This goes into the consequences section, below.
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
+## Decision
+
+Based on DelegationStore API, provide the jmap interface (jmap rfc-8621) for the user.
+
+- Provide JMAP methods:
+ - Delegate/get: list accountIds can the user access
+ - Delegate/set (create/delete):
+ + Delegate my account to other people (please note that only the owner of the account should be able to interact with the delegation settings)
+ + Revoke delegation of my account on another person's account (revoke a right given to me)
+ + Revoke delegation of another people's account on my account (revoke a right given to others)
+
+- Delegation on JMAP endpoints (API, eventsource, websocket, download, uploads, etc.. all of them). Use of accountIds of delegated accounts
+
+## Consequences
+
Review Comment:
What are the consequences?
- Bring some commonly expected collaborative features
- We would need a way to "list acconts delegated to me" in the delegation store. We could use Cassandra LOGGED batch to keep this eventually consistent
- The mailboxSession needs to cary over information regarding logged in user to allow restricting access to the delegation JMAP methods to only the account owner.
Is there some security considerations?
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
+## Decision
+
+Based on DelegationStore API, provide the jmap interface (jmap rfc-8621) for the user.
Review Comment:
Based on DelegationStore API, provide a James specific JMAP extension for managing delegation.
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
Review Comment:
The user that had been granted access begin accessing that account then read, send, respond to, and delete email messages... on your behalf.
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
Review Comment:
Mention also https://github.com/apache/james-project/blob/master/server/protocols/jmap-rfc-8621/doc/specs/spec/mail/rights.mdown and why it is not helpful for this use case.
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
Review Comment:
Please state that James currently supports account delegation in IMAP / SMTP through SASL OIDC as well as SASL AUTH PLAIN cf https://github.com/apache/james-project/blob/master/src/adr/0061-delegation.md
##########
src/adr/0064-account-delegation.md:
##########
@@ -0,0 +1,48 @@
+# 64. Account Delegation
+
+Date: 2022-11-15
+
+## Status
+
+Accepted (lazy consensus).
+
+Not yet implemented.
+
+## Context
+
+The account delegation is a feature that gives another permission to access your account and vice versa.
+The user has been delegated can begin accessing that account from your own account,
+then read, send, respond to, and delete email messages... on their behalf.
+This feature will be helpful for teamwork, family, collaboration, or company department...
+
+The account delegation will help James to have more benefits:
+
+- Shared the mailbox resources
+- Multi-users can use a shared account
+- Can give different limited access to each user
+
+The popular email provider also provide same feature, eg: [Google](https://support.google.com/mail/answer/138350?hl=en)
+
+## Decision
+
+Based on DelegationStore API, provide the jmap interface (jmap rfc-8621) for the user.
+
+- Provide JMAP methods:
+ - Delegate/get: list accountIds can the user access
+ - Delegate/set (create/delete):
+ + Delegate my account to other people (please note that only the owner of the account should be able to interact with the delegation settings)
+ + Revoke delegation of my account on another person's account (revoke a right given to me)
+ + Revoke delegation of another people's account on my account (revoke a right given to others)
+
+- Delegation on JMAP endpoints (API, eventsource, websocket, download, uploads, etc.. all of them). Use of accountIds of delegated accounts
Review Comment:
What does this means?
Suggestions:
JMAP endpoints should support being called with accountIds of delegated accounts and needs to proceed authorization logic according to delegations.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org