[
https://issues.apache.org/jira/browse/OAK-2687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381726#comment-14381726
]
angela commented on OAK-2687:
-----------------------------
the concept of dynamic groups might be convenient in similar cases, where
groups contain "everyone-matching-certain-characteristics" as members and those
characteristics can easily be determined during the authentication step (e.g.
specific credentials, credentials attributes, login-name matching certain
patterns etc).
> Introduce Dynamic Groups
> ------------------------
>
> Key: OAK-2687
> URL: https://issues.apache.org/jira/browse/OAK-2687
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core, jcr
> Reporter: angela
> Assignee: angela
> Fix For: 1.4
>
>
> we may consider extending the jackrabbit user management API by the concept
> of dynamic groups that would have the following characteristics:
> - the group in the repository is just a marker
> - the group members are not stored with the group and are not revealed by
> regular membership operations such as 'getMembers', 'getDeclaredMembers',
> 'memberOf', 'declaredMemberOf'
> - the dynamic group membership is only evaluated upon authentication (e.g. in
> the principal provider implementation) based on implementation details both
> in the principal provider and the login module.
> one example to illustrate the concept of the dynamic groups is the 'Everyone'
> principal where every principal of the default principal management
> implementation is member of. for consistency, this group principal already
> requires special treatment in the user management implementation in case
> there exists an 'everyone' group (match by principal name only).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
