> On Oct 24, 2016, at 8:19 AM, Patrick Brunmayr <[email protected]> wrote:
>
> There are more things to take into account
>
> 1. Objects like roles, groups and users should be extendable via aux
> classes and attributes ( that's what the discussion is all about )

+1 to extended aux object classes on user and group. -1 on the others. The reason: these are entities specific to fortress/rbac and shouldn’t need to be extended. Doing so unnecessarily complicates things and will be error prone because it exposes internal elements to external callers. Waiting to hear a compelling case otherwise.

> 2. As an integrator I would flag all roles, groups and users which I
> want to expose with a custom object class like "exposeMidpoint"

OK, but would name the object class something like ‘ftExport’ to encourage usage across IdM implementations.

> The background to this is for example I don't want all the fortress
> roles like ( fortess-web-super-user, fortess-web-super-user, etc ) to be
> transferred to midpoint. If this would be possible
> someone could gain access to fortress by assigning them the needed role
> ( if they would be allowed to ). The second point is I don't want to
> provide options like roles to users which are not of
> interest for them :)
>
> Hope this describes it

Makes sense. Thanks for the explanation. Next steps are to open a Jira ticket to track.

Shawn
