In my opinion ftProps is very proprietary to Fortress, isn't it?

Assigning object classes and attributes in LDAP is a proven thing where even third-party clients can do this without having the knowledge of how to write this ftProps thing. How can I query a value in ftProps via LDAP? How can I write it? This Midpoint integration thing is exactly the case of building an identity federation. Fortress is one part of it.

Thx

On 20.10.2016 at 16:26, Steve Moyer wrote:

Yes ... that makes sense. With the trend towards federating identities and their related objects, would it make sense to generically provide the same functionality through Fortress? Perhaps by adding a source name and source reference to every FortEntity type?

We've also been discussing the fact that the FortEntity types all have the ftProps attribute but only the User provides methods to access them. If the ftProps were exposed on every FortEntity type, you could (even more generically) add a ftProps attribute with a value of (e.g.) midpointObject:dn=...

Steve

"And so I pretend not to hear her. And go out to get an envelope because I'm going to have a hell of a good time in the process of buying one envelope. I meet a lot of people. And, see some great looking babes. And a fire engine goes by. And I give them the thumbs up. And, and ask a woman what kind of dog that is. And, and I don't know. The moral of the story is, is we're here on Earth to fart around. And, of course, the computers will do us out of that. And, what the computer people don't realize, or they don't care, is we're dancing animals. You know, we love to move around. And, we're not supposed to dance at all anymore." - Kurt Vonnegut

----- Original Message -----
From: "Patrick Brunmayr" <[email protected]>
To: [email protected]
Sent: Thursday, October 20, 2016 10:05:30 AM
Subject: Re: Custom object classes and attributes

Let's assume one is using Fortress as a central place for RBAC. Over time there will be a lot of roles and groups for different things.

As an integrator to other systems, like in my case Midpoint, I am not interested in transferring all roles and groups. So my approach would be to write some aux classes and assign them to the roles and groups. For instance, aux class MidpointObject. In my Midpoint connector I would only fetch roles and groups which have aux class MidpointObject assigned. So I can really provide only those things which are Midpoint-specific, and not roles or groups which may not be of interest or, even more important, which are security-wise relevant.

One use case for me would be: I don't want to transfer all the Fortress Roles to Midpoint where one would gain access to Fortress :)

Does that make sense?

On 20.10.2016 at 15:00, Shawn McKinney wrote:

On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <[email protected]> wrote:
> - Please consider the possibility also for Groups or Roles

I get groups but why roles? Can you provide a specific use case of what those attributes would be and why?

On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <[email protected]> wrote:
> - It should also be possible to set/get these extra data through the REST interface

Agreed. Everything that can be done via api call must also be doable via rest.

LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste, A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail: [email protected]

--
Patrick Brunmayr
LINZ AG TELEKOM
Infrastruktur & Netzwerktechnik
Internet Services
