[DISCUSS] User requests

Thu, 06 Sep 2018 03:32:29 -0700 

Hi all,
I have been lately involved into some considerations around user workflow, approvals and user requests. 


As stated in [1], "Workflow manages the internal identity lifecycle by 
defining statuses and transitions that every user, group or any object 
in Apache Syncope will traverse.".
For users, the Flowable adapter is available [2] (Activiti up to Syncope 
2.0), which allows to define approvals [3] as additional steps to 
traverse, to which approval forms are bound.


So far, so good.


The current approval forms can be seen as a particular case of a more 
general concept, e.g user requests - a core concept of Identity 
Governance (IGA).



With user requests, users can initiate whichever request among the ones 
defined, for example "assign me a mobile phone" or "give me those groups 
on AD", for them or on behalf of others; once initiated, such requests 
can then follow their own path, which might include one or more approval 
steps.
There is also no limitation on the number of concurrent requests that an 
user can initiate.



Unfortunately, I came to the conclusion that our current implementation 
is not able to properly implement the user requests as briefly outlined 
above; among other things, the impossibility to handle more than an 
approval process at a time, per user.


Hence, and a major refactoring is needed; I propose to:

1. remove the current Flowable user workflow adapter

2. power up the DefaultUserWorkflowAdapter to allow easier injection of 
custom logic, with the usual way we already take for PullActions, 
PushActions, RealmActions etc, e.g. WorkflowActions

3. define a new UserRequest entity, which includes at least
  3.1 some triggering conditions
  3.2 a Flowable workflow definition, possibly containing approval form(s)

4. adjust REST services, Admin Console and Enduser UI to cope with the 
new UserRequest concept



In my idea, the changes above should take place in the 2_1_X branch (and 
thus be likely available with Syncope 2.1.2), along with proper upgrade 
instructions from Syncope 2.1.1.


WDYT?
Regards.


[1] 
https://ci.apache.org/projects/syncope/2_1_X/reference-guide.html#workflow
[2] 
https://ci.apache.org/projects/syncope/2_1_X/reference-guide.html#flowable-user-workflow-adapter
[3] 
https://ci.apache.org/projects/syncope/2_1_X/reference-guide.html#approval


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/























					Reply via email to