On Wed, Feb 10, 2016 at 9:48 PM, Prabath Siriwardana <[email protected]> wrote:
> For C5 at the platform level we would need to have at least basic CRUD
> operations supported for Users, Groups, Permissions and Roles - and
> user/group - permission/role - role/group - role/user assignments.. This
> would be the implementation used by most of the products out-of-the-box..
>
> From the application developers' point of view, they need not to know
> anything about Realm, for authentication and authorization - it would be
> the JAAS API - and for user management operations it would be a
> microservice..
>
Both from the application developers' point of view and Carbon component developers' point of view..
>
> WDYT ?
>
> Thanks & regards.
> -Prabath
>
> On Wed, Feb 10, 2016 at 10:02 AM, Prabath Siriwardana <[email protected]>
> wrote:
>
>> I guess first we need to come up with a model, which fits into C5, which
>> mostly includes authentication and authorization.
>>
>> Then we need to explain how to extend that in IS - to support more
>> complex user management operations..
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Wed, Feb 10, 2016 at 2:40 AM, Jayanga Kaushalya <[email protected]>
>> wrote:
>>
>>> Moving to architecture.
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Wed, Feb 10, 2016 at 4:06 PM, Jayanga Kaushalya <[email protected]>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> We are currently in the process of designing the User Core architecture
>>>> for the C5. Below is the currently proposed architecture for the user
>>>> core.
>>>>
>>>> Security Module
>>>>
>>>> - Carbon JAAS security module.
>>>> - Consumes user core APIs to authenticate and authorize users.
>>>>
>>>> Realm Service
>>>>
>>>> - OSGI service.
>>>> - Any user related operation should be done through the Realm Service.
>>>> - Privileged and non privileged realms.
>>>>   - Non privileged realm is what we set in the authenticated
>>>>     subject’s principal.
>>>>   - Privileged realm is obtained from the Realm service.
>>>> - ex: Authenticating a user → getRealm() → getIdentityManager() →
>>>>   authenticate()
>>>>
>>>> Identity Manager
>>>>
>>>> - All user/group related operations.
>>>>
>>>> Identitystore Manager
>>>>
>>>> - All CRUD operations related to user stores.
>>>>
>>>> Authorization Manager
>>>>
>>>> - All permission related operations.
>>>>
>>>> Claim Manager
>>>>
>>>> - All claim related operations.
>>>>
>>>> User Profile Manager
>>>>
>>>> - Managing multiple user profiles.
>>>>
>>>> This design is not yet finalized and please give your ideas for
>>>> improvements.
>>>>
>>>> Thanks!
>>>> *Jayanga Kaushalya*
>>>> Software Engineer
>>>> Mobile: +94777860160
>>>> WSO2 Inc. | http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950
>>
>> http://blog.facilelogin.com
>> http://blog.api-security.org
>>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
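
An added example, not code from the thread or from WSO2: a JAAS LoginModule that follows the proposed getRealm() → getIdentityManager() → authenticate() path and places only a non-privileged realm on the authenticated subject's principal. The interfaces, RealmPrincipal, getNonPrivilegedRealm() and the static realmService field are hypothetical (the field stands in for the OSGi service lookup); it assumes Java 16 or later and a file named RealmLoginModule.java.

```java
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical shapes for the proposed components. Only getRealm(),
// getIdentityManager() and authenticate() are named in the thread.
interface IdentityManager { boolean authenticate(String user, char[] password); }
interface Realm { IdentityManager getIdentityManager(); }
interface RealmService { Realm getRealm(); Realm getNonPrivilegedRealm(String user); }
record RealmPrincipal(String name, Realm realm) implements Principal { public String getName() { return name; } }

public class RealmLoginModule implements LoginModule {
    static volatile RealmService realmService; // assumption: stands in for the OSGi lookup
    private Subject subject;
    private CallbackHandler handler;
    private String user; // set only after authenticate() succeeds

    public void initialize(Subject s, CallbackHandler h,
                           java.util.Map<String, ?> shared, java.util.Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] {name, pass});
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot collect credentials: " + e);
        }
        char[] secret = pass.getPassword(); // a copy; wiped after use
        pass.clearPassword();
        // Privileged path: only the module itself touches the privileged realm.
        boolean ok = secret != null
                && realmService.getRealm().getIdentityManager().authenticate(name.getName(), secret);
        if (secret != null) java.util.Arrays.fill(secret, '\0');
        if (!ok) throw new FailedLoginException("authentication failed");
        user = name.getName();
        return true;
    }
    public boolean commit() {
        if (user == null) return false;
        // Application code reading the subject only ever receives the non-privileged realm.
        subject.getPrincipals().add(new RealmPrincipal(user, realmService.getNonPrivilegedRealm(user)));
        return true;
    }
    public boolean abort() { user = null; return true; }
    public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof RealmPrincipal); user = null; return true; }
}
```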
