Hi Prabath, On Mon, Oct 24, 2016 at 6:31 AM, Prabath Siriwardana <prab...@wso2.com> wrote:
> Hi Ishara, > > +1 for the proposal... let's create a RM so we will not miss this... also > let's do a brainstorming session on this... > Sure will create a RM and schedule a brainstorming session. -Ishara > > Thanks & regards, > -Prabath > > On Fri, Oct 21, 2016 at 9:23 PM, Ishara Karunarathna <isha...@wso2.com> > wrote: > >> Hi Prabath, >> >> Primary goal is to group the configurations but we can achieve isolations >> with access control. >> Let me describe with the diagrams. >> With the current implementation we have individual SP configurations. And >> we need to set all the configurations (Claim, authentication chain etc..) >> in each SP level. >> This model it helps to define these configurations for a group (SC) and >> if needed overwrite with SP configurations. >> Allow to configure separate sessions for SC (optional) >> >> >> >> And there are global configurations ( shared with SC ) as well (User >> stores, Provisioning configs etc..) We can either use them or restrict to >> access within SC. >> >> Thanks, >> Ishara >> >> On Thu, Oct 20, 2016 at 3:17 AM, Prabath Siriwardana <prab...@wso2.com> >> wrote: >> >>> Sorry for the late response... >>> >>> If we are trying to create an isolated environment here - can't we do >>> the same by having a container per security circle - so we do not have to >>> do anything at the code level (basically, we treat the security circle as a >>> tenant) >>> >>> Are there anything shared between the security circles...or overlaps >>> between security circles..? It would be great if you can model this with a >>> diagram.... >>> >>> Thanks & regards, >>> -Prabath >>> >>> On Sun, Oct 16, 2016 at 1:07 AM, Ishara Karunarathna <isha...@wso2.com> >>> wrote: >>> >>>> Hi All, >>>> >>>> With the current IS implementation We have individual SP configurations >>>> and we associate authentication chains, claim, provisioning configurations >>>> etc.. to that service provider configuration. >>>> As a improvement to this we can group these configurations lets say a >>>> security circle. >>>> >>>> For a security circle [SC]. >>>> We can configure set of service providers within a SC. >>>> Associate Userstores to that SC >>>> Define Authentication chain, Provision config etc.. >>>> Configre Administration policies Ex: only users in wso2admin can manage >>>> the wso2 security circle. >>>> Group authorization policies belong to this circle. >>>> Once we configure those it will be applicable to all service providers >>>> and can override with SP level configurations. >>>> We can have different login sessions to each circle. >>>> >>>> How can we use this. >>>> Achieve Enterprise SaaS application use case discussed in [1] >>>> No need to configure same configurations in each SP level can inherit >>>> from SC configurations. >>>> Since we are going with container base Multi tenancy in C5, If a user >>>> does not like, that can be handle with this security circle. >>>> >>>> Thanks, >>>> Ishara >>>> [1] "[C5 IS] Multi-tenancy in C5 based IS" >>>> >>>> -- >>>> Ishara Karunarathna >>>> Associate Technical Lead >>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>> >>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: >>>> +94717996791 >>>> >>>> >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Twitter : @prabath >>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>> >>> Mobile : +1 650 625 7950 >>> >>> http://facilelogin.com >>> >> >> >> >> -- >> Ishara Karunarathna >> Associate Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> >> >> > > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 > > http://facilelogin.com > -- Ishara Karunarathna Associate Technical Lead WSO2 Inc. - lean . enterprise . middleware | wso2.com email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture