Hi Prabath,

On Sat, Feb 13, 2016 at 2:47 AM, Prabath Siriwardana <[email protected]>
wrote:

> Shall we use SCIM 2.0 [1] for /Users and /Groups APIs - and introduce our
> own API for /Roles and /Permissions..?
>

+1. Actually we are already taking SCIM as a guide to design the user core API.
Our goal is to provide a set of core APIs which easily facilitate all
functionalities described in the SCIM specification.

We can expose an identity management REST service which is built around
SCIM as you mentioned, i.e. User/Group resources will be standard SCIM
resources and Role/Permission resources will be extended SCIM resources.

Thanks,
Darshana


>
> Identity Server can introduce its own API for complex user management
> operations...
>
> [1]: https://tools.ietf.org/html/rfc7644
>
> Thanks & regards,
> -Prabath
>
> On Wed, Feb 10, 2016 at 9:55 PM, Prabath Siriwardana <[email protected]>
> wrote:
>
>>
>>
>> On Wed, Feb 10, 2016 at 9:48 PM, Prabath Siriwardana <[email protected]>
>> wrote:
>>
>>> For C5 at the platform level we would need to have at least basic CRUD
>>> operations supported for Users, Groups, Permissions and Roles - and
>>> user/group - permission/role - role/group - role/user assignments.. This
>>> would be the implementation used by most of the products out-of-the-box..
>>>
>>> From the application developers' point of view, they need not know
>>> anything about Realm, for authentication and authorization - it would be
>>> the JAAS API - and for user management operations it would be a
>>> microservice..
>>>
>>
>> Both from the application developers' point of view and Carbon component
>> developers' point of view..
>>
>>
>>>
>>> WDYT ?
>>>
>>> Thanks & regards.
>>> -Prabath
>>>
>>> On Wed, Feb 10, 2016 at 10:02 AM, Prabath Siriwardana <[email protected]>
>>> wrote:
>>>
>>>> I guess first we need to come up with a model, which fits into C5,
>>>> which mostly includes authentication and authorization.
>>>>
>>>> Then we need to explain how to extend that in IS - to support more
>>>> complex user management operations..
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>> On Wed, Feb 10, 2016 at 2:40 AM, Jayanga Kaushalya <[email protected]>
>>>> wrote:
>>>>
>>>>> Moving to architecture.
>>>>>
>>>>> *Jayanga Kaushalya*
>>>>> Software Engineer
>>>>> Mobile: +94777860160
>>>>> WSO2 Inc. | http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> On Wed, Feb 10, 2016 at 4:06 PM, Jayanga Kaushalya <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> We are currently in the process of designing the User Core
>>>>>> architecture for the C5. Below is the currently proposed architecture
>>>>>> for the user core.
>>>>>>
>>>>>>
>>>>>> Security Module
>>>>>>
>>>>>>    - Carbon JAAS security module.
>>>>>>    - Consumes user core APIs to authenticate and authorize users.
>>>>>>
>>>>>> Realm Service
>>>>>>
>>>>>>    - OSGi service.
>>>>>>    - Any user related operation should be done through the Realm
>>>>>>      Service.
>>>>>>    - Privileged and non privileged realms.
>>>>>>       - Non privileged realm is what we set in the authenticated
>>>>>>         subject’s principal.
>>>>>>       - Privileged realm is obtained from the Realm service.
>>>>>>    - ex: Authenticating a user → getRealm() → getIdentityManager() →
>>>>>>      authenticate()
>>>>>>
>>>>>> Identity Manager
>>>>>>
>>>>>>    - All user/group related operations.
>>>>>>
>>>>>> Identitystore Manager
>>>>>>
>>>>>>    - All CRUD operations related to user stores.
>>>>>>
>>>>>> Authorization Manager
>>>>>>
>>>>>>    - All permission related operations.
>>>>>>
>>>>>> Claim Manager
>>>>>>
>>>>>>    - All claim related operations.
>>>>>>
>>>>>> User Profile Manager
>>>>>>
>>>>>>    - Managing multiple user profiles.
>>>>>>
>>>>>>
>>>>>> This design is not yet finalized and please give your ideas for
>>>>>> improvements.
>>>>>>
>>>>>> Thanks!
>>>>>> *Jayanga Kaushalya*
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> Twitter : @prabath
>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>>
>>>> Mobile : +1 650 625 7950
>>>>
>>>> http://blog.facilelogin.com
>>>> http://blog.api-security.org
>>>>
>>>
>>
>



-- 
Regards,


*Darshana Gunawardana*
Senior Software Engineer
WSO2 Inc.; http://wso2.com

*E-mail: [email protected]*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
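
The realm flow quoted in the thread (getRealm() → getIdentityManager() → authenticate(), with a non-privileged realm set in the authenticated subject's principal), sketched as an added Java example that is not code from the thread or from Carbon. The interface shapes, `RealmPrincipal`, `nonPrivileged()` and the rule that a non-privileged realm only acts on its owner's account are assumptions; only the three method names come from the thread.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;

public class RealmSketch {
    // Hypothetical interfaces; only the three method names appear in the thread.
    interface IdentityManager { boolean authenticate(String user, char[] password); }
    interface Realm { IdentityManager getIdentityManager(); }
    interface RealmService { Realm getRealm(); } // stands in for the OSGi service

    // Principal that carries the non-privileged realm of the logged-in user.
    record RealmPrincipal(String name, Realm realm) implements Principal {
        public String getName() { return name; }
    }

    // Assumption: "non-privileged" limits operations to the owner's own account.
    static Realm nonPrivileged(Realm privileged, String owner) {
        IdentityManager full = privileged.getIdentityManager();
        return () -> (user, pw) -> owner.equals(user) && full.authenticate(user, pw);
    }

    // What a JAAS login module could do: authenticate through the privileged
    // realm, then expose only the restricted realm to application code.
    static Subject login(RealmService service, String user, char[] password) {
        Realm privileged = service.getRealm();
        if (!privileged.getIdentityManager().authenticate(user, password)) {
            throw new SecurityException("authentication failed");
        }
        Subject subject = new Subject();
        subject.getPrincipals().add(new RealmPrincipal(user, nonPrivileged(privileged, user)));
        subject.setReadOnly(); // application code cannot swap the principal
        return subject;
    }

    public static void main(String[] args) {
        // Constructed sample store; a real identity store would keep salted hashes.
        Map<String, char[]> store = Map.of(
                "alice", "a-pass".toCharArray(), "bob", "b-pass".toCharArray());
        IdentityManager im = (u, p) -> store.containsKey(u) && Arrays.equals(store.get(u), p);
        RealmService service = () -> () -> im;

        Subject alice = login(service, "alice", "a-pass".toCharArray());
        Realm scoped = alice.getPrincipals(RealmPrincipal.class).iterator().next().realm();
        // The realm taken from the subject works for alice but refuses bob's account.
        System.out.println(scoped.getIdentityManager().authenticate("alice", "a-pass".toCharArray()));
        System.out.println(scoped.getIdentityManager().authenticate("bob", "b-pass".toCharArray()));
    }
}
```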
