 - On every polkit_context_is_[caller|session]_authorized we load all
   .policy XML files. This is bad. Dave Jones will kill us. We should

   1. Suggest that a single .policy file only contains actions with a
      given name space com.example.MyApp. We do this by printing a big
      fat WARNING in polkit-policy-file-validate(1) if it isn't the case.

   2. We make the policy cache smart and look for the right .policy
      file when called from the is_*_authorized path. If it ain't there
      or if it doesn't contain the given action we load all the .policy
      XML files.

   3. When we break ABI (for 1.0 or sooner) we turn the WARNING from 1.
      into an ERROR and drop the "Load all XML files" from the
      is_*_authorized path.

   Of course, other paths (iterate over all declared actions; find
   action by annotation) will still need to load the bulk of the files.
   But normally only polkit-auth(1) and polkit-action(1) and other
   management tools will ever do this.

 - Increase test suite coverage

 - Finish up documentation; in particular how results from config
   files, defaults and authorizations play together

 - Potentially drop the glib dependency from polkit-grant

 - Kill the config file

 - Add support for granting authorizations to a) UNIX Groups; and
   b) SELinux security contexts

 - Add API and support in polkit-auth/polkit-action for maintaining a
   list of entities for whom implicit authorizations do not apply.
   (Typical example is that in a desktop OS one wants a UNIX group for
   "Restricted Users". Another example is a guest account.)

 - Add API and support in polkit-auth/polkit-action to define what
   administrator auth means.

 - Add k/v dictionaries to Actions; e.g. the Mechanism for dial-up
   networking can attach the key/value pair

     "phone_number" -> "555-123-4567"

   This is a bit like Objects mentioned in the spec (and what we used
   to have as PolKitResource) but a bit more blurry. They need to be
   typed too for presentation in the UI

 - Go to 1.0 soon

 - Include the patch from Piter PUNK to optionally avoid the PAM
   dependency (manually checks against /etc/shadow instead)
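
A sketch of points 1 and 2 of the first item, added here as an illustration and not taken from the PolicyKit source. It assumes a .policy file is named after its name space (com.example.MyApp.policy); the function names and the sample files are constructed for the example.

```python
import os, tempfile
import xml.etree.ElementTree as ET

def action_ids(path):
    """Ids of every <action> element declared in one .policy file."""
    root = ET.parse(path).getroot()
    return [a.get("id") for a in root.iter("action") if a.get("id")]

def namespace_warnings(path):
    """Point 1: one WARNING per action outside the file's name space.
    Assumption: the name space is the file name minus '.policy'."""
    ns = os.path.basename(path)[:-len(".policy")]
    return [f"WARNING: {path}: action {i} is not in name space {ns}"
            for i in action_ids(path) if not i.startswith(ns + ".")]

def find_policy_file(policy_dir, action_id):
    """Point 2: try files named after a prefix of the action id first,
    then fall back to loading every .policy file."""
    parts = action_id.split(".")
    for n in range(len(parts) - 1, 0, -1):
        cand = os.path.join(policy_dir, ".".join(parts[:n]) + ".policy")
        if os.path.isfile(cand) and action_id in action_ids(cand):
            return cand, "fast"
    for name in sorted(os.listdir(policy_dir)):
        path = os.path.join(policy_dir, name)
        if name.endswith(".policy") and action_id in action_ids(path):
            return path, "full-scan"
    return None, "full-scan"

def make_sample_dir():
    """Constructed sample: one file with a stray action, one clean file."""
    d = tempfile.mkdtemp()
    files = {
        "com.example.MyApp.policy":
            ["com.example.MyApp.frobnicate", "org.example.Stray.tweak"],
        "org.example.Other.policy": ["org.example.Other.run"],
    }
    for name, ids in files.items():
        body = "".join(f'<action id="{i}"/>' for i in ids)
        with open(os.path.join(d, name), "w") as f:
            f.write(f"<policyconfig>{body}</policyconfig>")
    return d

if __name__ == "__main__":
    d = make_sample_dir()
    for w in namespace_warnings(os.path.join(d, "com.example.MyApp.policy")):
        print(w)
    print(find_policy_file(d, "com.example.MyApp.frobnicate"))
    print(find_policy_file(d, "org.example.Stray.tweak"))
```

The stray action is still found, but only through the full scan; that is the case point 3 would turn into an error.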