Yes ... that makes sense. With the trend towards federating identities and their related objects, would it make sense to generically provide the same functionality through Fortress? Perhaps by adding a source name and source reference to every FortEntity type?
We've also been discussing the fact that the FortEntity types all have the ftProps attribute but only the User provides methods to access them. If the ftProps were exposed on every FortEntity type, you could (even more generically) add a ftProps attribute with a value of (e.g.) midpointObject:dn=... Steve "And so I pretend not to hear her. And go out to get an envelope because I'm going to have a hell of a good time in the process of buying one envelope. I meet a lot of people. And, see some great looking babes. And a fire engine goes by. And I give them the thumbs up. And, and ask a woman what kind of dog that is. And, and I don't know. The moral of the story is, is we're here on Earth to fart around. And, of course, the computers will do us out of that. And, what the computer people don't realize, or they don't care, is we're dancing animals. You know, we love to move around. And, we're not supposed to dance at all anymore." - Kurt Vonnegut ----- Original Message ----- From: "Patrick Brunmayr" <[email protected]> To: [email protected] Sent: Thursday, October 20, 2016 10:05:30 AM Subject: Re: Custom object classes and attributes Lets asume one is using Fortress as a central place for RBAC. Over time there will be a lot or roles and groups for different things. As an integrator to other systems like in my case Midpoint i am not interested in transfering all roles and groups. So my approach would be to write some aux classes and assign them to the roles and groups. For instance auxclass MidpointObject. In my Midpoint connector i would only fetch roles and groups which have aux class MidpointObject assigned. So i can only provide really those things which are midpoint specific and not roles or groups which may not be of interest or even more import which security wise relevant. One use case for me would be i dont want to transfer all the Fortress Roles to Midpoint where one would gain access to Fortress :) Does that make sense ? Am 20.10.2016 um 15:00 schrieb Shawn McKinney: >> On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <[email protected]> wrote: >> >> - Please consider the possibility also for Groups or Roles > I get groups but why roles? Can you provide a specific use case of what > those attributes would be and why? > >> On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <[email protected]> wrote: >> >> - It should also be possible to set/get these extra data through the >> REST interface > Agreed. Everything that can be done via api call must also be doable via > rest. LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail: [email protected]
