[security-dev] IDM: REST API

Anil Saldhana asaldhan at redhat.com
Fri Dec 7 17:25:15 EST 2012

Can we just not use the attributes on the User, such as "otherNames", to identify the different usernames he may have used?

SCIM comes into the picture wherein one cloud provider/service wants to create accounts for users in the other cloud provider/service. Some trust agreements have to be in place between the two cloud providers.

----- Original Message -----
From: "Pedro Igor Silva" <psilva at redhat.com>
To: "Anil Saldhana" <anil.saldhana at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Friday, December 7, 2012 4:15:00 PM
Subject: Re: [security-dev] IDM: REST API

They use an id/externalId/userName to identify users. Not sure if we have that in PL.

Maybe this is an important thing to consider given that:

    * A user can have different identifiers (e.g., username) for each cloud application. How do we know that a specific username maps to a single person?
    * During authentication, each application may require one of the user's identifiers.

Let's take the following example:

    * John is a person. For application A he is using a username "john". For application B he is using "john2012".

This solution can be very important when *auditing* user actions. That way we can map different identifiers to a single person, considering a cloud and heterogeneous environment.

Pedro Igor

----- Original Message -----
From: "Anil Saldhana" <asaldhan at redhat.com>
To: security-dev at lists.jboss.org
Sent: Friday, December 7, 2012 6:53:46 PM
Subject: [security-dev] IDM: REST API


SCIM is very popular for user provisioning using REST.
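The identifier-mapping concern raised in this thread, as an added example (not code from the thread's authors or their project): audit events from two applications are correlated to one person through SCIM-style `id`/`externalId`/`userName` records. The application names, record values and the convention that `externalId` is the shared per-person key are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed SCIM-style user resources, one list per application.
# Assumption: the provisioning client sets the same externalId for a person everywhere.
SCIM_USERS = {
    "appA": [
        {"id": "a-001", "externalId": "emp-1001", "userName": "john"},
        {"id": "a-002", "externalId": "emp-1002", "userName": "mary"},
    ],
    "appB": [
        {"id": "b-417", "externalId": "emp-1001", "userName": "john2012"},
        # Same userName as appA's John, but a different person.
        {"id": "b-418", "externalId": "emp-1003", "userName": "john"},
    ],
}

# Constructed audit events, as each application would log them.
AUDIT_EVENTS = [
    {"app": "appA", "userName": "john", "action": "login"},
    {"app": "appB", "userName": "john2012", "action": "export-report"},
    {"app": "appB", "userName": "john", "action": "login"},
    {"app": "appB", "userName": "ghost", "action": "login"},
]

def build_index(users_by_app):
    """Map (app, userName) -> externalId; a bare userName is not unique across apps."""
    index = {}
    for app, users in users_by_app.items():
        for user in users:
            key = (app, user["userName"])
            if key in index and index[key] != user["externalId"]:
                raise ValueError(f"ambiguous identifier {key}")
            index[key] = user["externalId"]
    return index

def correlate(events, index):
    """Group audit events per person; unmapped identifiers are collected under None."""
    by_person = defaultdict(list)
    for event in events:
        person = index.get((event["app"], event["userName"]))
        by_person[person].append((event["app"], event["userName"], event["action"]))
    return dict(by_person)

if __name__ == "__main__":
    for person, actions in correlate(AUDIT_EVENTS, build_index(SCIM_USERS)).items():
        print(person or "UNMAPPED", actions)
```

Keying on the (application, userName) pair keeps application B's "john" from being attributed to application A's John, and the `None` bucket surfaces identifiers that were never provisioned.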