On 01/30/2015 03:37 PM, Thomas Heute wrote:
> I hope we can keep it simple for now. We may have to revisit
> later.
>
> Can we say that:
> Step 1: resources belong to a user and only he has access
> Step 2: resources can be shared with a group or a specific user by
> the owner (who can grant "write access" to the group or specific
> users)
>
> IMO this is already quite flexible, simple from a user perspective
> but already complex enough to handle initially. (A user who has
> read access should still be able to create alerts for this
> resource...) We'll have to think about what happens to orphan
> resources (owner gets deleted) and likely other corner cases and
> optimizations (like the switcher you mentioned or like in Google
> Drive, sharing with me doesn't mean it will mess with my documents
> unless I want to copy it over.)

Alright, so, this means also that authentication is done by KC, and
authorization is done by the application. I think it's the safest
route for the beginning.

This effectively means that KC will have only one "hawkular" realm and
all users will be inside of it. The notion of "tenant" is then built
on our side. In the end, it's the simplest form of KC and it also
gives us self-registration for free.

Next step is, then, hawt.io with KC :-)

- Juca.