Marco thank you so much!!! I found your answar very useful for my purpose!
In my test case i have to consider another membership attribute, the time period in which users can access to a restricted area. Usually i use an object like this: BEGIN:VCALENDAR PRODID: VERSION:2.0 BEGIN:VEVENT SUMMARY:Office Hours DTSTART:19700101T090000 DTEND:19700101T170000 RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR DTSTAMP:20121129T154801 UID:6b350fc3c646e59e END:VEVENT END:VCALENDAR Would be possible, in Syncope, to set up this informations as a Membership attributes? Regars, Antonio. 2015-11-05 15:41 GMT+01:00 Marco Di Sabatino Di Diodoro < [email protected]>: > Hi Antonio, > > Il 04/11/2015 15:10, Antonio Ciancio ha scritto: > > Hi all, > > I'm Antonio. I'm working on Syncope since two weeks. > > The context in which I work is the PACS (Physical Access Control System): > > Users have available one or more badges, each badge has an identification > number; they allow to access in a restricted area using card readers. My > system sends a REST request to Syncope with the following parameters: > *card_ID, > card_reader_ID, operation*; “operation” indicates the kind of action that > users need to do (in, out, …). > > How can I map these three parameters in Syncope? In particular, How can I > combine the card_ID parameter with the users? My idea is to combine the > token field of the “SyncopeUser” table with the card_ID parameter, can I > costumise it? If I can’t do it, which entity of Syncope can I use to map > the “Card” parameter? > > Token field is a specific field with internal functions and it's better > not override. > Best way to map your requirements with Syncope is to use schemas, roles > and memberships [1]. I suggest you to use "Syncope Roles" as CARD_READER > entity with a role attribute where you can map the card_reader_ID. In > addition, you have to create two membership attributes for the card_ID and > operation fields. > > Now, you can assign to an user one or more roles (card reader) where every > relationship user-role contains the card_ID and operation permissions of > an user (membership attributes). If you want, you can configure your > attributes multi-value (for example operation: "in, out"). > > As regard the Syncope response given after the REST request on the basis > of Users needs, which entity can we use to determine this operation ( Role, > Policy…)? > > For the authentication and authorization, you have to implement a new REST > endpoint where you check if an user has assigned a role with the passed > card_reader_ID and the card_ID and operation matches the membership values. > > Regards > Marco > > [1] > https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping > > -- > Dott. Marco Di Sabatino Di Diodoro > Tel. +39 3939065570 > > Tirasa S.r.l. > Viale D'Annunzio 267 - 65127 Pescara > Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net > > Apache Syncope PMC Memberhttp://people.apache.org/~mdisabatino/ > >
