Hi,

On Mon, Oct 17, 2016 at 5:41 PM, Asela Pathberiya <as...@wso2.com> wrote:

>
>
> On Sun, Oct 16, 2016 at 11:37 AM, Ishara Karunarathna <isha...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> With the current IS implementation we have individual SP configurations
>> and we associate authentication chains, claim, provisioning configurations
>> etc. to that service provider configuration.
>> As an improvement to this we can group these configurations, let's say a
>> security circle.
>>
>
> +1
>
>
>>
>> For a security circle [SC].
>> We can configure a set of service providers within an SC.
>> Associate Userstores to that SC
>> Define Authentication chain, Provision config etc.
>> Configure Administration policies Ex: only users in wso2admin can manage
>> the wso2 security circle.
>>
>
> Are we using XACML?  Maybe Administration/Delegation profile...
>
Yes we can use XACML and for advanced use cases we can use delegation
profile.

>
>
>> Group authorization policies belong to this circle.
>> Once we configure those it will be applicable to all service providers
>> and can override with SP level configurations.
>>
> We can have different login sessions to each circle.
>>
>
> So, end user will have a different session for each SC in the same browser?
>
I think this should be configurable. In some situations we need separate
sessions.
Ex: we treat SC as a tenant.
In SaaS we don't need separate sessions but SC works as an administrative
group.

>
> Is SC an internal detail or exposed to end users (I meant whether it is
> like tenant domain)?
>
This is not the exact tenant model we have.
It means admin privileged users may have the access to all the other SCs
but with authorization policies we may change the access level.

>
> Does request contain some detail/param on SC?
>
> Thanks,
> Asela.
>
>
>>
>> How can we use this?
>> Achieve Enterprise SaaS application use case discussed in [1]
>> No need to configure the same configurations at each SP level; they can be
>> inherited from SC configurations.
>> Since we are going with container-based multi-tenancy in C5, if a user
>> does not like it, that can be handled with this security circle.
>>
>
>> Thanks,
>> Ishara
>> [1] "[C5 IS] Multi-tenancy in C5 based IS"
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>> +94717996791
>>
>>
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
>              +358 449 228 979
>
> http://soasecurity.org/
> http://xacmlinfo.org/
>
>
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791