cylc-uiserver

Allow sites to require explicit elevation to authorized privileges, or a toggle button

Open jarich opened this issue 5 years ago • 0 comments

DoD requirement:

"The application must require users to re-authenticate when organization-defined circumstances or situations require re-authentication. ... Within DoD the minimum circumstances requiring re-authentication are privilege escalation and role changes."

Subject to system configuration: users initially only gain read-only (identity, scan, state, tasks etc.) authorization to their UI Server/the UI Server they are logging into. Users can escalate their privilege to execute (hold, trigger) and/or write (trigger-edit, reload), subject to the authorization levels set for them, via a toggle which would cause their session to be dropped and the user to be asked to reauthenticate. The user would then have an appropriately escalated session for a (system configurable) duration before it would downgrade again to read-only access, requiring re-escalation again if required.

System configuration would specify:

  • starting authorization for users logging into their own UIServer (none, read, execute, write)
  • starting authorization for users logging into others' UIServers
  • maximum authorization for users logging into their own UIServer
  • maximum authorization for users logging into others' UIServers

User and workflow configuration would specify:

  • starting authorization for self logging into their own UIServer
  • maximum authorization for self logging into their own UIServer
  • starting authorizations for other users logging into self's UIServer

Note: if UIServers are "owned" by virtual users (e.g. realm accounts) then - in production - it might make sense to have the starting and maximum authorization for that user to be none.

Note 2: These authorizations may differ per user or per UNIX group.

jarich, Feb 13 '20 02:02
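
A minimal model of the step-up scheme proposed in the issue above, as an added example that is not part of the original issue and is not cylc-uiserver code. `Level`, `Policy`, `Session` and `effective_policy` are hypothetical names, the rule that user settings can only narrow the site limits is an assumption, and the `reauthenticated` flag stands in for a completed fresh login after the session was dropped.

```python
import time
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    NONE = 0
    READ = 1      # identity, scan, state, tasks
    EXECUTE = 2   # hold, trigger
    WRITE = 3     # trigger-edit, reload


@dataclass(frozen=True)
class Policy:
    """Hypothetical limits for one relationship (own or another's UI Server)."""
    start: Level
    maximum: Level


def effective_policy(site: Policy, user: Policy) -> Policy:
    # Assumption: user/workflow configuration may narrow, never widen, site limits.
    maximum = min(site.maximum, user.maximum)
    return Policy(min(site.start, user.start, maximum), maximum)


class Session:
    def __init__(self, policy: Policy, ttl: float, clock=time.monotonic):
        self.policy, self.ttl, self.clock = policy, ttl, clock
        self._level, self._expires = policy.start, 0.0

    def level(self) -> Level:
        # Once the configured duration has passed, fall back to the starting level.
        if self.clock() >= self._expires:
            self._level = self.policy.start
        return self._level

    def elevate(self, requested: Level, reauthenticated: bool) -> Level:
        # Privilege escalation needs a fresh authentication and is capped
        # at the configured maximum for this user.
        if not reauthenticated:
            raise PermissionError("re-authentication required")
        if requested > self.policy.maximum:
            raise PermissionError("exceeds maximum authorization")
        self._level = max(requested, self.policy.start)
        self._expires = self.clock() + self.ttl
        return self._level
```
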