Hi all,

Today we had a discussion about the Permissions and Policy model of the Mobile Platform - the attendees were - Harsha, Shan, Gayan, Dilshan, Dilan, Mayuran, Kasun, Chan.

We are first considering the Permission model. Gartner states permissions as Access Management. The users of the system will belong to two groups essentially -

- Operator roles - admins, super admin
- User roles - users

*Operator roles*

- Super admin - Assign features to admins and what group the admin can perform operations on
- Admin - Perform operations to user roles

We are also creating a bundle of permissions that can hold a set of permissions. This set of permissions can be applied to a set of users. But the user can have only one bundle.

*Concern* - XACML doesn't work properly on Carbon 4.1.0 but it works in Carbon 4.2.0, which will be released next week. To perform a full integration - Carbon 4.2.0 needs to be released.

*Pre policy - After policy*

Before we enroll a device - we have a pre policy that checks for compliance (not rooted, not jailbroken etc.). Afterwards we have policies configured for the user role enforced on the device.

*App Policy*

We are also going to separate the control at a Device and Application level. The MDM policy set will say that these are the device level policies and these are the App level policies.

*Compliance model of Enforcement*

Some policies will be enforced with the compliance model. For example, if Evernote is a blacklisted app - a notification will be sent to the user and the user is restricted from accessing corporate resources. This can be done by a long-polling or event driven approach.

*Suggestions* - Have a set of devices in the MDM sanctioned by the corporate. User's devices will be filtered by the list.

--
Chan (Dulitha Wijewantha)
Software Engineer - Mobile Development
WSO2Mobile
Lean.Enterprise.Mobileware
~Email [email protected]
~Mobile +94712112165
~Website dulithawijewantha.com
~Blog blog.dulithawijewantha.com <http://dulichan.github.io/chan/>
~Twitter @dulitharw <https://twitter.com/dulitharw>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
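
The enrollment and enforcement flow described in the message above, sketched as an added example (not code from the thread or from the WSO2 code base). Every class, method and field name is hypothetical, the sample data is constructed, and rejecting a user who has no bundle is an assumption the thread does not state.

```python
from dataclasses import dataclass, field

# Hypothetical names throughout; the thread defines no schema or API.
@dataclass
class Bundle:
    name: str
    device_policies: dict          # device-level policies
    app_blacklist: frozenset       # app-level policies

@dataclass
class Device:
    owner: str
    model: str
    compromised: bool              # rooted or jailbroken
    apps: set = field(default_factory=set)

class Mdm:
    def __init__(self, sanctioned_models):
        self.sanctioned = set(sanctioned_models)  # list from "Suggestions"
        self.bundles = {}                         # user -> single Bundle
        self.restricted = set()                   # users cut off from corporate resources
        self.notifications = []

    def assign_bundle(self, user, bundle):
        self.bundles[user] = bundle               # overwrites: one bundle per user

    def enroll(self, dev):
        """Pre policy gate; on success return the policies to enforce afterwards."""
        if dev.model not in self.sanctioned:
            return False, "model not sanctioned"
        if dev.compromised:
            return False, "rooted or jailbroken"
        if dev.owner not in self.bundles:
            return False, "no bundle assigned"    # assumption: fail closed
        return True, self.bundles[dev.owner].device_policies

    def check_compliance(self, dev):
        """Called per poll or per event: notify and restrict on blacklisted apps."""
        bad = sorted(dev.apps & self.bundles[dev.owner].app_blacklist)
        if bad:
            self.notifications.append((dev.owner, bad))
            self.restricted.add(dev.owner)
        return bad

def demo():
    # Constructed sample data.
    mdm = Mdm({"Nexus 4", "iPhone 5"})
    mdm.assign_bundle("alice", Bundle("sales", {"camera": False}, frozenset({"Evernote"})))
    rooted = mdm.enroll(Device("alice", "Nexus 4", True))
    phone = Device("alice", "Nexus 4", False, {"Evernote", "Mail"})
    return rooted, mdm.enroll(phone), mdm.check_compliance(phone), mdm.restricted
```
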
