Hi, In C5, since Groups and Roles are supposed to be treated as two different entities, we need to clearly understand how to use them and a bit of their implementation details. I'm listing some assumptions and questions below, please see if the assumptions are correct and please provide answers to the questions too.
*Assumptions* 1. Groups are in the LDAP (User Store) and Roles are in the Context of Carbon (in a DB schema introduced by WSO2 Products). 2. Roles are always created through a carbon admin service (MSF4J). 3. Roles can be attached to users *and* groups. 4. Role to User and Role to Group mappings will be will be stored in a DB schema maintained by carbon. 5. Users, Roles and Groups will all have unique identifiers (ids) so that products don't have to maintain direct references to the their literal values. *Questions* 1. When saving information to represent "who can do what", do we save the role or group? Ex: GET /apis can be performed by [role or group or both]? 2. Do we have a concept of "default role(s)" or "internal role(s)" which are common to all products? 3. Are roles common across all user stores? If my assumption (1) is correct, the answer should be yes I guess. Thanks, NuwanD. -- Nuwan Dias Software Architect - WSO2, Inc. http://wso2.com email : [email protected] Phone : +94 777 775 729
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
