Hi Ishara, +1 for the proposal... let's create a RM so we will not miss this... also let's do a brainstorming session on this...
Thanks & regards, -Prabath On Fri, Oct 21, 2016 at 9:23 PM, Ishara Karunarathna <[email protected]> wrote: > Hi Prabath, > > Primary goal is to group the configurations but we can achieve isolations > with access control. > Let me describe with the diagrams. > With the current implementation we have individual SP configurations. And > we need to set all the configurations (Claim, authentication chain etc..) > in each SP level. > This model it helps to define these configurations for a group (SC) and if > needed overwrite with SP configurations. > Allow to configure separate sessions for SC (optional) > > > > And there are global configurations ( shared with SC ) as well (User > stores, Provisioning configs etc..) We can either use them or restrict to > access within SC. > > Thanks, > Ishara > > On Thu, Oct 20, 2016 at 3:17 AM, Prabath Siriwardana <[email protected]> > wrote: > >> Sorry for the late response... >> >> If we are trying to create an isolated environment here - can't we do the >> same by having a container per security circle - so we do not have to do >> anything at the code level (basically, we treat the security circle as a >> tenant) >> >> Are there anything shared between the security circles...or overlaps >> between security circles..? It would be great if you can model this with a >> diagram.... >> >> Thanks & regards, >> -Prabath >> >> On Sun, Oct 16, 2016 at 1:07 AM, Ishara Karunarathna <[email protected]> >> wrote: >> >>> Hi All, >>> >>> With the current IS implementation We have individual SP configurations >>> and we associate authentication chains, claim, provisioning configurations >>> etc.. to that service provider configuration. >>> As a improvement to this we can group these configurations lets say a >>> security circle. >>> >>> For a security circle [SC]. >>> We can configure set of service providers within a SC. >>> Associate Userstores to that SC >>> Define Authentication chain, Provision config etc.. >>> Configre Administration policies Ex: only users in wso2admin can manage >>> the wso2 security circle. >>> Group authorization policies belong to this circle. >>> Once we configure those it will be applicable to all service providers >>> and can override with SP level configurations. >>> We can have different login sessions to each circle. >>> >>> How can we use this. >>> Achieve Enterprise SaaS application use case discussed in [1] >>> No need to configure same configurations in each SP level can inherit >>> from SC configurations. >>> Since we are going with container base Multi tenancy in C5, If a user >>> does not like, that can be handle with this security circle. >>> >>> Thanks, >>> Ishara >>> [1] "[C5 IS] Multi-tenancy in C5 based IS" >>> >>> -- >>> Ishara Karunarathna >>> Associate Technical Lead >>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> >>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>> +94717996791 >>> >>> >>> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +1 650 625 7950 >> >> http://facilelogin.com >> > > > > -- > Ishara Karunarathna > Associate Technical Lead > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: [email protected], blog: isharaaruna.blogspot.com, mobile: > +94717996791 > > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://facilelogin.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
