On Sun, Mar 21, 2010 at 04:48:35PM -0700, Brian Aker wrote:
> On Mar 21, 2010, at 4:38 PM, Eric Day wrote:
> >I don't think we need to enforce any format for the serialized user
> >identifiers, I think simply using the 'user' in the SecurityContext
>
> User is far from being sufficient. You need to know the domain and
> possibly the provider as well.

If I'm using Drizzle for my personal blog, a simple user is sufficient.
If I am in a multi-tenant environment, my 'user' identifiers in
SecurityContext will be an account ID, usern...@domain, or something to
uniquely identify the tenant (whatever my provider tells me to log in
with), and in that case, I think that would be sufficient as well.
Perhaps 'user' is a poor name choice in the SecurityContext since it
could be any auth identifier. :)

I'm all for packing as much information as is needed into the object
owner field, I just don't think we need to enforce any format besides
an opaque string. The Auth* plugins should be free to use whatever
format they need depending on what the login verification source is.

> If "catalog" is scoped to domain, then the problem mostly goes away,
> but even then in any sort of Security related object you need to
> know this information.

I don't think we should enforce catalog context either, keep this an
opaque string and let the Auth plugins define default catalog to use
depending on auth context. If a user is logged in and wants to switch
catalog, the auth plugins will verify using security context and
desired catalog name.

For example, some multi-tenant providers may create one catalog per
account number (where an account can have multiple domains), where
others may do one catalog per domain. In either case, the auth plugins
could determine the default catalog to set based on the user given
(i.e., account auth token, u...@domain, ...).

-Eric

