For C5 at the platform level we would need to have at least basic CRUD operations supported for Users, Groups, Permissions and Roles - and user/group - permission/role - role/group - role/user assignments. This would be the implementation used by most of the products out-of-the-box.

From the application developers' point of view, they need not know anything about Realm, for authentication and authorization - it would be the JAAS API - and for user management operations it would be a microservice. WDYT?

Thanks & regards.
-Prabath

On Wed, Feb 10, 2016 at 10:02 AM, Prabath Siriwardana <[email protected]> wrote:

> I guess first we need to come up with a model, which fits into C5, which
> mostly includes authentication and authorization.
>
> Then we need to explain how to extend that in IS - to support more complex
> user management operations.
>
> Thanks & regards,
> -Prabath
>
> On Wed, Feb 10, 2016 at 2:40 AM, Jayanga Kaushalya <[email protected]> wrote:
>
>> Moving to architecture.
>>
>> *Jayanga Kaushalya*
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> On Wed, Feb 10, 2016 at 4:06 PM, Jayanga Kaushalya <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> We are currently in the process of designing the User Core architecture
>>> for the C5. Below is the currently proposed architecture for the user core.
>>>
>>> Security Module
>>>
>>> - Carbon JAAS security module.
>>> - Consumes user core APIs to authenticate and authorize users.
>>>
>>> Realm Service
>>>
>>> - OSGI service.
>>> - Any user related operation should be done through the Realm Service.
>>> - Privileged and non privileged realms.
>>>   - Non privileged realm is what we set in the authenticated
>>>     subject’s principal.
>>>   - Privileged realm is obtained from the Realm service.
>>> - ex: Authenticating a user → getRealm() → getIdentityManager() →
>>>   authenticate()
>>>
>>> Identity Manager
>>>
>>> - All user/group related operations.
>>>
>>> Identitystore Manager
>>>
>>> - All CRUD operations related to user stores.
>>>
>>> Authorization Manager
>>>
>>> - All permission related operations.
>>>
>>> Claim Manager
>>>
>>> - All claim related operations.
>>>
>>> User Profile Manager
>>>
>>> - Managing multiple user profiles.
>>>
>>> This design is not yet finalized and please give your ideas for
>>> improvements.
>>>
>>> Thanks!
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://blog.facilelogin.com
> http://blog.api-security.org

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
