Hi all,

A "resource" in Syncope is a remote directory of some sort where you can propagate/synchronize attributes to/from.

I'd like to consider an alternative definition of a "resource" in the context of web services and if it's feasible or desirable to support it. One can currently use Syncope to authenticate a web service request (e.g. is the client's username/password valid) or for authorization, where you can retrieve the authenticated client's roles, and check to see whether one of these roles is allowed to access the local "resource" the client is attempting to access. In other words, the application server must maintain a map of role names to resources, where the resource could be a combination of WSDL target namespace, service name and operation, or a URI. There may also be a permission associated with this mapping such as "read", "write" or "execute", etc.

Many IDM solutions can accept a resource as a String or URI, so the question is whether this is something we should add to the roadmap for Syncope or not? The advantage of adding this kind of functionality to Syncope is that all identity and access management is done with the same product, instead of having to use Syncope for authentication/retrieving-roles, and use something else to find out whether the authenticated user has the correct permissions to access the local resource.

Thoughts? How would this kind of functionality work with Syncope?

Colm.

IDM can accept resource as String or URI. Permissions can also be generic: "read", "write", "execute", etc.

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
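The role-to-resource map described in the message above, as an added sketch that is not Syncope code and not part of the original post: a deny-by-default check over resources that are either a WSDL namespace/service/operation triple or a URI, each paired with a permission. The role names, namespace, URIs and function names are constructed for illustration; in practice the roles would be the ones retrieved for the authenticated client.

```python
import posixpath
from typing import NamedTuple

class WsOperation(NamedTuple):
    """Web-service resource: WSDL target namespace + service name + operation."""
    namespace: str
    service: str
    operation: str

NS = "http://example.org/accounts"  # constructed namespace

# Role name -> set of (resource, permission). A resource is a WsOperation or a
# URI path; a URI grant ending in "/" covers everything beneath it.
ROLE_GRANTS = {
    "accounts-reader": {
        (WsOperation(NS, "AccountService", "getBalance"), "execute"),
        ("/accounts/", "read"),
    },
    "accounts-admin": {
        (WsOperation(NS, "AccountService", "transfer"), "execute"),
        ("/accounts/", "read"),
        ("/accounts/", "write"),
    },
}

def _uri_matches(granted: str, requested: str) -> bool:
    # Collapse "." and ".." first so "/accounts/../admin" cannot ride on a
    # grant for "/accounts/". Assumes the path is already percent-decoded.
    path = posixpath.normpath(requested)
    if granted.endswith("/"):
        return path == granted.rstrip("/") or path.startswith(granted)
    return path == granted

def _matches(granted, requested) -> bool:
    if isinstance(granted, WsOperation) or isinstance(requested, WsOperation):
        return granted == requested  # operations match exactly, never by prefix
    return _uri_matches(granted, requested)

def is_allowed(roles, resource, permission: str) -> bool:
    """Deny by default: allow only if some role holds this exact permission."""
    for role in roles:
        for granted, granted_perm in ROLE_GRANTS.get(role, ()):
            if granted_perm == permission and _matches(granted, resource):
                return True
    return False
```

Unknown roles and unlisted resources fall through to `False`, so a role missing from the map never widens access.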
