Re: PACS (Physical Access Control System) with Syncope

Thu, 05 Nov 2015 06:48:53 -0800 

Hi Antonio,

Il 04/11/2015 15:10, Antonio Ciancio ha scritto:


Hi all,

I'm Antonio. I'm working on Syncope since two weeks.

The context in which I work is the PACS (Physical Access Control System):


Users have available one or more badges, each badge has an 
identification number; they allow to access in a restricted area using 
card readers. My system sends a REST request to Syncope with the 
following parameters: *card_ID, card_reader_ID, operation*; 
“operation” indicates the kind of action that  users need to do (in, 
out, …).



How can I map these three parameters in Syncope? In particular, How 
can I combine the card_ID parameter with the users? My idea is to 
combine the token field of the “SyncopeUser” table with the card_ID 
parameter, can I costumise it? If I can’t do it, which entity of 
Syncope can I use to map the “Card” parameter?



Token field is a specific field with internal functions and it's better 
not override.
Best way to map your requirements with Syncope is to use schemas, roles 
and memberships [1].  I suggest you to use "Syncope Roles" as 
CARD_READER entity with a role attribute where you can map the 
card_reader_ID. In addition, you have to create two membership 
attributes for the card_ID and operation fields.



Now, you can assign to an user one or more roles (card reader) where 
every relationship user-role contains the card_ID and operation 
permissions of an user (membership attributes). If you want, you can 
configure your attributes multi-value (for example operation: "in, out").



As regard the Syncope response given after the REST request on the 
basis of Users needs, which entity can we use to determine this 
operation ( Role, Policy…)?



For the authentication and authorization, you have to implement a new 
REST endpoint where you check if an user has assigned a role with the 
passed card_reader_ID and the card_ID and operation matches the 
membership values.


Regards
Marco


[1] 
https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping


--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/























					Reply via email to