[security-dev] how to model services managed by a realm

Pedro Igor Silva psilva at redhat.com
Tue Jun 11 11:33:39 EDT 2013

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>
> Cc: security-dev at lists.jboss.org
> Sent: Tuesday, June 11, 2013 12:18:32 PM
> Subject: Re: [security-dev] how to model services managed by a realm
> On 6/11/2013 10:58 AM, Pedro Igor Silva wrote:
> >     The main idea behind tiers are to share role/groups between realms. And
> >     not tie them to a specific realm. From the documentation:
> >
> >     "A Tier is a more restrictive type of partition than a realm, as it
> >     only allows groups and roles to
> > be defined (but not users). A Tier may be used to define a set of
> > application-specific groups and
> > roles, which may then be assigned to groups within the same Tier, or to
> > users and groups within
> > a separate Realm."
> >
> >     I think I have discussed that with Shane some time ago about attributes
> >     on partitions. Need to recall that. But I agree that partition-scoped
> >     attributes can be handy.
> >
> Ok, yet another roadblock I've run into is that it seems you cannot
> create tiers or realms on the fly.  It looks like that all Realms and
> Tiers you want to have must be known and pre-configured before you
> create the IdentityManagerFactory.
> If I understand the code correctly, an IdentityManagerFactory acts as a
> cache for all realms and tiers stored under it?  So, being able to
> add/remote tiers/realms on the fly would be pretty key.

I'll open a JIRA, would be nice have a feedback from Shane too.

> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com

More information about the security-dev mailing list