3.3. Domain Model
3.3.1. Domains
The concept of Domains has come up a number of times in the design spec. Even on a cursory reading of the HPI specification, it is clear that domains take up a large portion of it. Domains are arbitrary logical groupings of resources. They can be overlapping (i.e. the same resource can appear in multiple domains), and they need not be hierarchical.
The intended use of Domains appears to be as a security mechanism. Page 18 of the HPI 1.0 specification describes domains as being used by a "Landlord" to get access to a set of resources by a "Tenant". A problem that arises from this interpretation is the requirement in HPI 1.0 that the security pointer to saHpiSessionOpen be NULL. Because of this requirement, privilege separation cannot be achieved through the HPI interface in its current incarnation.
3.3.2. OpenHPI's take on Domains
Because privilege separation cannot be achieved through the HPI interface, the OpenHPI team has decided not to implement multiple domains at this time. If there is no way to separate users by privilege, then all users have access to all resources anyway. Hence, security is not made any better.
Of further note, OpenHPI is expected to be utilized and productized by many different organizations for different purposes. Given this, it seems counterproductive to have OpenHPI itself enforce policy about what qualifies as a Domain. There are ideas about how multiple domains will be implemented in OpenHPI in the future, and how site admins will be able to configure the domain structure to fit their site policy. If you wish to participate in this element of design, please join our mailing list and speak up. We are more than happy to accept new volunteers.
3.3.3. Sessions
Closely associated with Domains are sessions. The second call that any application must make when interfacing with HPI is saHpiSessionOpen. It takes a DomainId as an identifier, and provides a session handle which allows the user to access resources only within that Domain.
As OpenHPI only uses SAHPI_DEFAULT_DOMAIN, applications using OpenHPI will only have to open a single session.