Hi all,
a quick status update on this topic.
All features discussed below and tracked via SYNCOPE-119 are now on the
master branch, fully implemented on core side.
About console, such changes are so deep that it probably makes no sense
to try to adapt the existing console module, but rather to take input
from this for SYNCOPE-156 and SYNCOPE-120.
For these reasons, I am now working on master branch, where I am about to:
1. rename the current client/console Maven module to
client/old_console, keeping it excluded from build
2. create a new client/console Maven module which will be a Wicket
application built from scratch as per SYNCOPE-156, with panels and other
stuff "migrated" from old_console
Thoughts?
Regards.
On 25/03/2015 11:22, Francesco Chicchiriccò wrote:
On 24/03/2015 15:13, Francesco Chicchiriccò wrote:
[...]
After some more thoughts, it seems to me that we might extend the
proposal at [1] by:
* introducing a new *Group* entity - with purpose of representing
groups on external resources (attributes, resources, no entitlements)
* introducing a new *Role* entity - with purpose of assigning
entitlements (and realm(s) where to apply) to users
Assigning a user to a group would mean create a membership; assigning
a user to a role will imply granting such user some entitlements.
One can even think to extend the concept in SYNCOPE-140 (Dynamic role
memberships) in order to support both groups and roles so that the
statement above (all users in realm X can exercise entitlement E on
users from realm Y) can be implemented having:
1. role R with entitlement E on realm Y
2. dynamic assignment of role R to users from realm X
Finally, it seems to me that what is coming out from this discussion
is a progressive refactoring of the "old" (e.g. up to 1.2.X) role
concept to the new realm, role and group concepts.
FYI I have updated [1] accordingly.
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Realms
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
