I would assign a role (card_reader) to a group of users, for example if I would allow access to a restricted area to the group "developers". Should I define a group as a new role, or as a role/membership attribute?
Regards

2015-11-06 10:04 GMT+01:00 Antonio Ciancio <[email protected]>:

> Thank you Marco!
>
> I think that now I'm able to implement a test case according to my purpose!
>
> Regards
>
> 2015-11-05 17:29 GMT+01:00 Marco Di Sabatino Di Diodoro <[email protected]>:
>
>> On 05/11/2015 17:11, Antonio Ciancio wrote:
>>
>> Marco thank you so much!!!
>>
>> I found your answer very useful for my purpose!
>>
>> In my test case I have to consider another membership attribute, the time
>> period in which users can access a restricted area.
>>
>> Usually I use an object like this:
>>
>> BEGIN:VCALENDAR
>> PRODID:
>> VERSION:2.0
>> BEGIN:VEVENT
>> SUMMARY:Office Hours
>> DTSTART:19700101T090000
>> DTEND:19700101T170000
>> RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
>> DTSTAMP:20121129T154801
>> UID:6b350fc3c646e59e
>> END:VEVENT
>> END:VCALENDAR
>>
>> Would it be possible, in Syncope, to set up this information as a
>> membership attribute?
>>
>> Yes, it is. You can model your solution as you want.
>>
>> Regards
>> Marco
>>
>> Regards,
>> Antonio.
>>
>> 2015-11-05 15:41 GMT+01:00 Marco Di Sabatino Di Diodoro <[email protected]>:
>>
>>> Hi Antonio,
>>>
>>> On 04/11/2015 15:10, Antonio Ciancio wrote:
>>>
>>> Hi all,
>>>
>>> I'm Antonio. I've been working on Syncope for two weeks.
>>>
>>> The context in which I work is the PACS (Physical Access Control System):
>>>
>>> Users have available one or more badges, each badge has an
>>> identification number; they allow access to a restricted area using card
>>> readers. My system sends a REST request to Syncope with the following
>>> parameters: *card_ID, card_reader_ID, operation*; "operation" indicates
>>> the kind of action that users need to do (in, out, …).
>>>
>>> How can I map these three parameters in Syncope? In particular, how can
>>> I combine the card_ID parameter with the users? My idea is to combine the
>>> token field of the "SyncopeUser" table with the card_ID parameter, can I
>>> customise it? If I can't do it, which entity of Syncope can I use to map
>>> the "Card" parameter?
>>>
>>> The token field is a specific field with internal functions and it's better
>>> not to override it.
>>> The best way to map your requirements with Syncope is to use schemas, roles
>>> and memberships [1]. I suggest you use "Syncope Roles" as the CARD_READER
>>> entity with a role attribute where you can map the card_reader_ID. In
>>> addition, you have to create two membership attributes for the card_ID and
>>> operation fields.
>>>
>>> Now, you can assign to a user one or more roles (card reader) where every
>>> user-role relationship contains the card_ID and operation permissions
>>> of a user (membership attributes). If you want, you can configure your
>>> attributes as multi-value (for example operation: "in, out").
>>>
>>> As regards the Syncope response given after the REST request on the basis
>>> of users' needs, which entity can we use to determine this operation (Role,
>>> Policy…)?
>>>
>>> For the authentication and authorization, you have to implement a new
>>> REST endpoint where you check if a user has been assigned a role with the
>>> passed card_reader_ID and the card_ID and operation match the membership
>>> values.
>>>
>>> Regards
>>> Marco
>>>
>>> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale D'Annunzio 267 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 0859111173
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
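
Added example, not part of the original thread and not Syncope code: a sketch of the check described above for the custom REST endpoint (role attribute card_reader_ID, membership attributes card_ID and operation), extended with the office-hours VEVENT stored as a further membership attribute. The Membership class, the identifiers and the sample data are hypothetical; only the weekly BYDAY form of RRULE shown in the thread is handled, and anything else is denied.

```python
from dataclasses import dataclass
from datetime import datetime

DAYS = ["MO", "TU", "WE", "TH", "FR", "SA", "SU"]  # datetime.weekday() order

# Constructed sample: the VEVENT from the thread, kept as a membership attribute.
OFFICE_HOURS = """BEGIN:VEVENT
SUMMARY:Office Hours
DTSTART:19700101T090000
DTEND:19700101T170000
RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
END:VEVENT"""

@dataclass(frozen=True)
class Membership:          # hypothetical model of one user-role relationship
    user: str
    reader_id: str         # role attribute: card_reader_ID
    card_id: str           # membership attribute: card_ID
    operations: frozenset  # membership attribute: operation (multi-value)
    schedule: str          # membership attribute: VEVENT text

def in_schedule(vevent: str, when: datetime) -> bool:
    """True if local time `when` is inside the weekly window; fail closed."""
    props = dict(l.split(":", 1) for l in vevent.splitlines() if ":" in l)
    try:
        start = datetime.strptime(props["DTSTART"], "%Y%m%dT%H%M%S").time()
        end = datetime.strptime(props["DTEND"], "%Y%m%dT%H%M%S").time()
        rule = dict(p.split("=", 1) for p in props["RRULE"].split(";"))
        if rule["FREQ"] != "WEEKLY" or set(rule) - {"FREQ", "BYDAY"}:
            return False   # unsupported recurrence parts: deny, do not guess
        days = rule["BYDAY"].split(",")
    except (KeyError, ValueError):
        return False       # missing or malformed property: deny
    return DAYS[when.weekday()] in days and start <= when.time() < end

def authorize(memberships, card_id, reader_id, operation, when):
    """Return the user allowed to perform `operation`, or None (default deny)."""
    for m in memberships:
        if (m.card_id == card_id and m.reader_id == reader_id
                and operation in m.operations and in_schedule(m.schedule, when)):
            return m.user
    return None

# Constructed sample data: one user, one reader, one badge.
MEMBERSHIPS = [Membership("antonio", "reader-7", "card-1001",
                          frozenset({"in", "out"}), OFFICE_HOURS)]
```

All three request parameters and the time window must match the same membership; a badge that is valid on another reader, or outside the stored hours, gets no user back.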
