Hi Francis, you can find my replies embedded below.
Regards. On 2016-03-01 17:16 Francis Bouchard-Boulianne wrote: > Hi, > > Like I was saying a few week ago, we are planning on implementing 2.0 as a > replacement of our home grown idP. We are waiting for 2.0, but can we have a > two or three line of explanation for following the key concepts and how you > planned we should use them: > > 1 - Any objects The purpose of this feature is to extend the provisioning engine to support general-purpose definable entities, besides current users and groups. With "traditional" IdM you can manage users and groups (or roles) on external resources; in Syncope 2.0 you have the option to define whatever type (printers, folders, devices, services, ...) and to manage the provision of such type. For example, in CHOReVOLUTION [1], Apache Syncope is provisioning web services. You can find the original discussion and some reference information about this feature at [2]. > 2 - Realms You can primarily see realms as a mean to represent hierarchical data as organization / organizational units in LDAP. Moreover, they are the key concept around the updated authorization mechanism implementing delegated administration. You can find the original discussion and some reference information about this feature at [3]. > 3 - Domains The purpose is to provide the possibility of defining separated "containers" for all entities currently managed by Syncope in order to allow the execution in multitenant environments. You can find the original discussion and some reference information about this feature at [4]. > User and groups are pretty straightforward unless you plan on using a > different semantics than in 1.X. You are right, things are very similar within this regard (unless for 1.2 roles which map to 2.0 groups, roles and realms - see [3]). > This will help us prepare the data mapping and do our first beta tests with > M1, and ma pour existing password reset and create account UI to the syncope > services and process management. Sounds good! Please also consider that 2.0 is coming with a brand new Enduser UI: see more at [5]. [1] http://www.chorevolution.eu/ [2] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Any+objects [3] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Realms [4] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains [5] http://blog.tirasa.net/syncope-enduser-security-features.html -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer http://home.apache.org/~ilgrosso/
