Security Model
- Set of agents/plugins per user session
- Adhere to principal of least privilege
- Entry point
- Authentication (e.g. frontend in different authentication domain)
- Pluggable
- Ssl/ssh
- Plugins
- Run with privileges of user
- Propagation of credentials through network
- Agents
- Require elevated privileges
- Starting/stopping/reconfigure
- Session manager controls credentials
- Query API
- Agent/Plugin API’s include credentials
- Refresh credentials