Hi Prabath,

Primary goal is to group the configurations but we can achieve isolations with access control.
Let me describe with the diagrams.

With the current implementation we have individual SP configurations. And we need to set all the configurations (Claim, authentication chain etc..) in each SP level.

This model helps to define these configurations for a group (SC) and if needed overwrite with SP configurations.
Allow to configure separate sessions for SC (optional)

And there are global configurations (shared with SC) as well (User stores, Provisioning configs etc..). We can either use them or restrict to access within SC.

Thanks,
Ishara

On Thu, Oct 20, 2016 at 3:17 AM, Prabath Siriwardana <[email protected]> wrote:

> Sorry for the late response...
>
> If we are trying to create an isolated environment here - can't we do the
> same by having a container per security circle - so we do not have to do
> anything at the code level (basically, we treat the security circle as a
> tenant)
>
> Is there anything shared between the security circles...or overlaps
> between security circles..? It would be great if you can model this with a
> diagram....
>
> Thanks & regards,
> -Prabath
>
> On Sun, Oct 16, 2016 at 1:07 AM, Ishara Karunarathna <[email protected]>
> wrote:
>
>> Hi All,
>>
>> With the current IS implementation we have individual SP configurations
>> and we associate authentication chains, claim, provisioning configurations
>> etc.. to that service provider configuration.
>> As an improvement to this we can group these configurations, let's say a
>> security circle.
>>
>> For a security circle [SC].
>> We can configure a set of service providers within a SC.
>> Associate Userstores to that SC
>> Define Authentication chain, Provision config etc..
>> Configure Administration policies Ex: only users in wso2admin can manage
>> the wso2 security circle.
>> Group authorization policies belong to this circle.
>> Once we configure those it will be applicable to all service providers
>> and can override with SP level configurations.
>> We can have different login sessions to each circle.
>>
>> How can we use this.
>> Achieve Enterprise SaaS application use case discussed in [1]
>> No need to configure same configurations in each SP level, can inherit
>> from SC configurations.
>> Since we are going with container based multi-tenancy in C5, if a user
>> does not like it, that can be handled with this security circle.
>>
>> Thanks,
>> Ishara
>> [1] "[C5 IS] Multi-tenancy in C5 based IS"
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>
>> email: [email protected], blog: isharaaruna.blogspot.com, mobile:
>> +94717996791
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://facilelogin.com

--
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com

email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
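
An added sketch, not part of the thread and not WSO2 Identity Server code, of the model the proposal describes: SC-level defaults inherited by every SP, SP-level overrides, a management check on the circle's admin role, and user stores restricted to those associated with the circle. The class, method, SP and user store names and the sample values are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed names standing in for the globally shared user stores.
GLOBAL_USER_STORES = {"PRIMARY", "PARTNER-LDAP", "WSO2-AD"}


@dataclass
class SecurityCircle:
    name: str
    admin_role: str   # only holders of this role may manage the circle
    defaults: dict    # SC-level settings inherited by every SP
    user_stores: set  # global stores this circle is restricted to
    sp_overrides: dict = field(default_factory=dict)

    def __post_init__(self):
        unknown = self.user_stores - GLOBAL_USER_STORES
        if unknown:
            raise ValueError(f"unknown user stores: {sorted(unknown)}")

    def set_override(self, roles, sp, key, value):
        """Set an SP-level override; the caller must hold the SC admin role."""
        if self.admin_role not in roles:
            raise PermissionError(f"{self.admin_role} required to manage {self.name}")
        # An SP may not escape the circle by pointing at a store outside it.
        if key == "user_store" and value not in self.user_stores:
            raise ValueError(f"{value} is not associated with circle {self.name}")
        self.sp_overrides.setdefault(sp, {})[key] = value

    def effective_config(self, sp):
        """Start from the SC defaults; SP-level values win key by key."""
        merged = dict(self.defaults)
        merged.update(self.sp_overrides.get(sp, {}))
        return merged


def build_demo():
    sc = SecurityCircle(
        name="wso2",
        admin_role="wso2admin",
        defaults={"auth_chain": ["basic"], "user_store": "PRIMARY"},
        user_stores={"PRIMARY", "WSO2-AD"},
    )
    # One SP strengthens its authentication chain; the rest inherit.
    sc.set_override({"wso2admin"}, "hr-portal", "auth_chain", ["basic", "totp"])
    return sc


if __name__ == "__main__":
    circle = build_demo()
    print(circle.effective_config("hr-portal"))
    print(circle.effective_config("wiki"))
```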
