[Hawkular-dev] define: tenant

Juraci Paixão Kröhling jpkroehling at redhat.com
Fri Jan 30 10:55:00 EST 2015


On 01/30/2015 03:37 PM, Thomas Heute wrote:
> I hope we can keep it simple for now. We may have to revisit
> later.
> 
> Can we say that:
> Step 1: resources belong to a user and only he has access
> Step 2: resources can be shared with a group or a specific user by
> the owner (who can grant "write access" to the group or specific
> users)
> 
> IMO this is already quite flexible, simple from a user perspective
> but already complex enough to handle initially. (A user who has
> read access should still be able to create alerts for this
> resource...) We'll have to think about what happens to orphan
> resources (owner gets deleted) and likely other corner cases and
> optimizations (like the switcher you mentioned or like in Google
> drive, sharing with me doesn't mean it will mess with my documents
> unless I want to copy it over.)

Alright, so, this means also that authentication is done by KC, and
authorization is done by the application. I think it's the safest
route for the beginning.

This effectively means that KC will have only one "hawkular" realm and
all users will be inside of it. The notion of "tenant" is then built
on our side. In the end, it's the simplest form of KC and it also
gives us self-registration for free.

Next step is, then, hawt.io with KC :-)

- Juca.
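
The split discussed in this thread (the identity provider authenticates, the application decides owner and share access) is shown here as an added example; it is not code from the Hawkular project or from either poster. All class, function and action names are hypothetical, and denying every request on an orphaned resource is an assumption, since the thread leaves that case open.

```python
from dataclasses import dataclass, field
from typing import Optional

READ, WRITE, OWNER = "read", "write", "owner"
RANK = {None: 0, READ: 1, WRITE: 2, OWNER: 3}
# Minimum level per action; "create_alert" needing only READ follows the quoted proposal.
REQUIRED = {"view": READ, "create_alert": READ, "modify": WRITE, "share": OWNER}

@dataclass(frozen=True)
class Principal:
    """Identity already authenticated by the identity provider (hypothetical shape)."""
    user_id: str
    groups: frozenset = frozenset()

@dataclass
class Resource:
    owner_id: Optional[str]  # None marks an orphan (owner account deleted)
    user_grants: dict = field(default_factory=dict)   # user_id -> READ | WRITE
    group_grants: dict = field(default_factory=dict)  # group name -> READ | WRITE

def access_level(p: Principal, r: Resource) -> Optional[str]:
    """Highest level p holds on r: OWNER, WRITE, READ or None."""
    if r.owner_id is None:
        return None  # assumption: orphans fail closed until re-assigned
    if p.user_id == r.owner_id:
        return OWNER
    held = [r.user_grants.get(p.user_id)]
    held += [r.group_grants.get(g) for g in p.groups]
    return max(held, key=RANK.__getitem__)

def is_allowed(p: Principal, action: str, r: Resource) -> bool:
    """Application-side decision; unknown actions are denied."""
    need = REQUIRED.get(action)
    return need is not None and RANK[access_level(p, r)] >= RANK[need]

def share(actor: Principal, r: Resource, level: str, *, user_id=None, group=None) -> None:
    """Only the owner may grant READ or WRITE to one user or one group."""
    if not is_allowed(actor, "share", r):
        raise PermissionError("only the owner can share")
    if level not in (READ, WRITE) or (user_id is None) == (group is None):
        raise ValueError("grant READ or WRITE to exactly one user or group")
    if user_id is not None:
        r.user_grants[user_id] = level
    else:
        r.group_grants[group] = level
```
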

