Shall we use SCIM 2.0 [1] for /Users and /Groups APIs - and introduce our own API for /Roles and /Permissions..?
Identity Server can introduce its own API for complex user management operations...

[1]: https://tools.ietf.org/html/rfc7644

Thanks & regards,
-Prabath

On Wed, Feb 10, 2016 at 9:55 PM, Prabath Siriwardana <[email protected]> wrote:

> On Wed, Feb 10, 2016 at 9:48 PM, Prabath Siriwardana <[email protected]> wrote:
>
>> For C5 at the platform level we would need to have at least basic CRUD
>> operations supported for Users, Groups, Permissions and Roles - and
>> user/group - permission/role - role/group - role/user assignments.. This
>> would be the implementation used by most of the products out-of-the-box..
>>
>> From the application developers' point of view, they need not know
>> anything about Realm, for authentication and authorization - it would be
>> the JAAS API - and for user management operations it would be a
>> microservice..
>
> Both from the application developers' point of view and Carbon component
> developers' point of view..
>
>> WDYT ?
>>
>> Thanks & regards.
>> -Prabath
>>
>> On Wed, Feb 10, 2016 at 10:02 AM, Prabath Siriwardana <[email protected]> wrote:
>>
>>> I guess first we need to come up with a model, which fits into C5, which
>>> mostly includes authentication and authorization.
>>>
>>> Then we need to explain how to extend that in IS - to support more
>>> complex user management operations..
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>> On Wed, Feb 10, 2016 at 2:40 AM, Jayanga Kaushalya <[email protected]> wrote:
>>>
>>>> Moving to architecture.
>>>>
>>>> *Jayanga Kaushalya*
>>>> Software Engineer
>>>> Mobile: +94777860160
>>>> WSO2 Inc. | http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> On Wed, Feb 10, 2016 at 4:06 PM, Jayanga Kaushalya <[email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> We are currently in the process of designing the User Core
>>>>> architecture for the C5. Below is the currently proposed architecture for
>>>>> the user core.
>>>>>
>>>>> Security Module
>>>>>
>>>>> - Carbon JAAS security module.
>>>>> - Consumes user core APIs to authenticate and authorize users.
>>>>>
>>>>> Realm Service
>>>>>
>>>>> - OSGI service.
>>>>> - Any user related operation should be done through the Realm Service.
>>>>> - Privileged and non privileged realms.
>>>>> - Non privileged realm is what we set in the authenticated subject’s principal.
>>>>> - Privileged realm is obtained from the Realm service.
>>>>> - ex: Authenticating a user → getRealm() → getIdentityManager() → authenticate()
>>>>>
>>>>> Identity Manager
>>>>>
>>>>> - All user/group related operations.
>>>>>
>>>>> Identitystore Manager
>>>>>
>>>>> - All CRUD operations related to user stores.
>>>>>
>>>>> Authorization Manager
>>>>>
>>>>> - All permission related operations.
>>>>>
>>>>> Claim Manager
>>>>>
>>>>> - All claim related operations.
>>>>>
>>>>> User Profile Manager
>>>>>
>>>>> - Managing multiple user profiles.
>>>>>
>>>>> This design is not yet finalized and please give your ideas for
>>>>> improvements.
>>>>>
>>>>> Thanks!
>>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Twitter : @prabath
>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>
>>> Mobile : +1 650 625 7950
>>>
>>> http://blog.facilelogin.com
>>> http://blog.api-security.org
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
