[security-dev] how to model services managed by a realm
Pedro Igor Silva
psilva at redhat.com
Tue Jun 11 11:33:39 EDT 2013
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>
> Cc: security-dev at lists.jboss.org
> Sent: Tuesday, June 11, 2013 12:18:32 PM
> Subject: Re: [security-dev] how to model services managed by a realm
> On 6/11/2013 10:58 AM, Pedro Igor Silva wrote:
> > The main idea behind tiers are to share role/groups between realms. And
> > not tie them to a specific realm. From the documentation:
> > "A Tier is a more restrictive type of partition than a realm, as it
> > only allows groups and roles to
> > be defined (but not users). A Tier may be used to define a set of
> > application-specific groups and
> > roles, which may then be assigned to groups within the same Tier, or to
> > users and groups within
> > a separate Realm."
> > I think I have discussed that with Shane some time ago about attributes
> > on partitions. Need to recall that. But I agree that partition-scoped
> > attributes can be handy.
> Ok, yet another roadblock I've run into is that it seems you cannot
> create tiers or realms on the fly. It looks like that all Realms and
> Tiers you want to have must be known and pre-configured before you
> create the IdentityManagerFactory.
> If I understand the code correctly, an IdentityManagerFactory acts as a
> cache for all realms and tiers stored under it? So, being able to
> add/remote tiers/realms on the fly would be pretty key.
I'll open a JIRA, would be nice have a feedback from Shane too.
> Bill Burke
> JBoss, a division of Red Hat
More information about the security-dev