sorry I've forgotten to add a subject :) Mathieu
2007/8/23, metcox <[EMAIL PROTECTED]>: > Hi, > > In my application I use Apache directory Server - but the application > should be pluggable with any other directory - and the triplesec api > to manage authentication and authorization. > With this combination I can add a grant to a role without having to > define the related permission. > I know it's not possible with a full triplesec solution but it's > something I'm looking for because I need to add dynamic grants. It > means an application admin (or a user which is able to add grants to > another user) could build a grant. > For instance: > "viewjob JOB" - the user is able to see the job JOB > "viewjob *" - the user is able to see all the jobs > or more complicated "viewjob *[status='SUCCESS']" - view all the job > with success status. > So this kind of permission can't already exist, or be created on the > fly without a complex permission management: > - if the permission don't already exist -> create a new one > - if the grant is removed -> delete the permission or another user > have this permission? > - if the grant is rename -> remove the permission and create a new > one, or just rename the permission? > > So my questions are: > - Is it possible to use triplesec api (guardian and admin) without > using the triplesec server. For instance, can I use the guardian api > with a OpenLdap server? > - is it possible to add grants to a role (or a profile) without having > to define a related permission? > > Regards, > > Mathieu >
