Mercurial > prosody-modules

view mod_seclabels/README.markdown @ 5448:9d542e86e19a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Allow requesting a subset of scopes on token refresh This enables clients to request access tokens with fewer permissions than the grant they were given, reducing impact of token leak. Clients could e.g. request access tokens with some privileges and immediately revoke them after use, or other strategies.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 21:40:09 +0200
parents a1d641e88918
children
line wrap: on
line source

---
labels:
- 'Stage-Alpha'
summary: Security Labels
...

Introduction
============

This module implements [XEP-0258: Security Labels in XMPP], but not
actual policy enforcement. See for example [mod_firewall] for that.

Configuration
=============

As with all modules, you enable it by adding it to the modules\_enabled
list.

These options exist:

  Name                      Description             Default
  ------------------------- ----------------------- -------------
  security\_catalog\_name   Catalouge name          "Default"
  security\_catalog\_desc   Catalouge description   "My labels"

You can then add your labels in a table called security\_labels. They
can be both orderd and unorderd, but ordered comes first.

``` {.lua}
security_labels = {
  { -- This label will come first
    name = "Public",
    label = true, -- This is a label, but without the actual label.
      default = true -- This is the default label.
  },
  {
    name = "Private",
    label = "PRIVATE",
    color = "white",
    bgcolor = "blue"
  },
  Sensitive = { -- A Sub-selector
    SECRET = { -- The index is used as name
      label = true
    },
    TOPSECRET = { -- The order of this and the above is not guaranteed.
      color = "red",
      bgcolor = "black",
    }
  }
}
```

Each label can have the following properties:

  Name             Description                                               Default
  ---------------- --------------------------------------------------------- ----------------------------------------------------------
  name             The name of the label. Used for selector.                 Required.
  label            The actual label, ie `<esssecuritylabel/>`                Required, can be boolean for a empty label, or a string.
  display          The text shown as display marking.                        Defaults to the name
  color, bgcolor   The fore- and background color of the display marking     None
  default          Boolean, true for the default. Only one may be default.   false