Is your feature request related to a problem? Please describe.
Zowe Explorer SDK was designed with the purpose of sharing resources such as connection profiles with Zowe Explorer extenders to make integrating with Zowe Explorer and layering other products on top of it easy. However, customers are reporting that they would like to keep control which extensions access what information.
Describe the solution you'd like
I propose to add an audit log level that records access to Zowe Explorer data such as profiles and sessions that contain passwords and tokens as well as other data such the registration of new menus. We could lock the access (after a transition period for extenders) behind a required registration call (independent of registering a new profile type) and audit all calls the registered extenders make to Zowe Explorer SDK. Another more advanced feature would be allowing customers to manage white and blacklists of extensions that have access. Part of a Zowe certification process could mean that an extender would be listed as part of the default whitelist.
Describe alternatives you've considered
Additional context
Is your feature request related to a problem? Please describe.
Zowe Explorer SDK was designed with the purpose of sharing resources such as connection profiles with Zowe Explorer extenders to make integrating with Zowe Explorer and layering other products on top of it easy. However, customers are reporting that they would like to keep control which extensions access what information.
Describe the solution you'd like
I propose to add an audit log level that records access to Zowe Explorer data such as profiles and sessions that contain passwords and tokens as well as other data such the registration of new menus. We could lock the access (after a transition period for extenders) behind a required registration call (independent of registering a new profile type) and audit all calls the registered extenders make to Zowe Explorer SDK. Another more advanced feature would be allowing customers to manage white and blacklists of extensions that have access. Part of a Zowe certification process could mean that an extender would be listed as part of the default whitelist.
Describe alternatives you've considered
Additional context