[security-dev] IDM: REST API

Darran Lofthouse darran.lofthouse at jboss.com
Mon Dec 10 14:47:18 EST 2012

On 12/10/2012 07:18 PM, Bill Burke wrote:
> On 12/10/2012 1:47 PM, Darran Lofthouse wrote:
>> On 12/10/2012 06:37 PM, Bill Burke wrote:
>>> * Granting specific access to somebody so they can act on behalf of you
>>> seems like a pretty compelling cross-cutting use case that should be
>>> supported in the model.
>> That is something that is coming up for AS7 as well we are close to the
>> point where we need to define which users can act on the behalf of other
>> users.
> (I said this before).  In my prototype, i have something like a role
> mapping, but it is a list of roles a user is allowed to ask another user
> to grant for them.  This is the change in the meta model I'd need for
> this type of data, otherwise, i'm just hacking the identity model.

In my case I am a little more interested in the case where one user 
wants a request to be executed entirely as another user rather than just 

I have however heard some users recently talking about a capability 
where users can request roles for a specific time period and another 
user can grant that request.


More information about the security-dev mailing list