[security-dev] how to model services managed by a realm

Bill Burke bburke at redhat.com
Mon Jun 10 19:49:26 EDT 2013

I guess an Application would be an Agent.  Application role names could 
either be scoped, i.e. "ApplicationName.RoleName" or I could generate a 
unique id for the Role.getName() and add a special "applicationRoleName" 
attribute.  Then create a custom relationship between the Application's 
Agent and each role.

Does that sound right?  Should I scope the name, or generate a unique id and 
add an attribute?

On 6/10/2013 6:28 PM, Bill Burke wrote:
> I'm trying to figure out how to do the following scenario with the
> IdentityManager API:
> * A realm with N users
> * A realm which manages X applications
> * Each application has Y roles
> * Users have role mappings for each of those roles
> I'll need to be able to query:
> * What are the applications in the realm
> * What roles does a service have
> * What are the role mappings for each service for a particular user
> It looks like a Role only has a name.  So, I can't have "admin" role for
> each of my services and different role mappings per service.  Would I
> have to model this as different "partitions"?  I see that you can create
> "partitions", but how do you create relationships between "partitions"
> or share users between partitions?

Bill Burke
JBoss, a division of Red Hat
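
The two options raised in the message above, as an added sketch that is not part of the original post and does not use the IdentityManager API: scoped "ApplicationName.RoleName" strings versus a generated role id with the application kept as an attribute. All class, function and sample names here are hypothetical, and the sample data is constructed.

```python
import uuid

SEP = "."

def scoped_name(app, role):
    """Option 1: encode the application in the role name."""
    return f"{app}{SEP}{role}"

def strict_scoped_name(app, role):
    """Option 1 made unambiguous: the application name may not contain SEP."""
    if SEP in app:
        raise ValueError(f"application name {app!r} contains {SEP!r}")
    return f"{app}{SEP}{role}"

class Realm:
    """Option 2: opaque role ids, with the application stored as a role attribute."""
    def __init__(self):
        self.apps = set()     # applications managed by the realm
        self.role_ids = {}    # (app, role name) -> generated unique id
        self.role_attrs = {}  # role id -> (app, role name)
        self.grants = set()   # (user, role id) relationships

    def add_role(self, app, role):
        self.apps.add(app)
        rid = self.role_ids.setdefault((app, role), str(uuid.uuid4()))
        self.role_attrs[rid] = (app, role)
        return rid

    def grant(self, user, app, role):
        # KeyError for an unknown (app, role) pair: no implicit role creation
        self.grants.add((user, self.role_ids[(app, role)]))

    def applications(self):
        return sorted(self.apps)

    def roles_of(self, app):
        return sorted(r for a, r in self.role_ids if a == app)

    def mappings(self, user):
        out = {}
        for u, rid in self.grants:
            if u == user:
                app, role = self.role_attrs[rid]
                out.setdefault(app, set()).add(role)
        return out

def demo():
    realm = Realm()  # constructed sample data
    for app, role in [("billing", "admin"), ("billing", "eu.admin"),
                      ("billing.eu", "admin"), ("wiki", "admin")]:
        realm.add_role(app, role)
    realm.grant("alice", "wiki", "admin")
    realm.grant("alice", "billing", "eu.admin")
    return realm
```

With plain concatenation, role "eu.admin" of "billing" and role "admin" of "billing.eu" share one name, so a mapping for one would read as a mapping for the other; the id-plus-attribute model keeps them distinct.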
