in that case it would be wiser if we only go for what was the *initial* requirement that started this thread : something that provides ACL based authorization. we leave the identity part out of it, if it does not fit all. "tom.baeyens(a)jboss.com" wrote : "mark.proctor(a)jboss.com" wrote : Portal already has a use case driven Identity component, so Julian's requirements and code should be taken into account. | | the current layering of the portal identity component is a no go for jbpm. | | Julien, correct me if I'm wrong. | | The problem is not in the model of the data. I think we can easily find a common datamodel. The problem is in the pluggability layer of the portal component. | | Portal defines a session facade interface that provides access to users and group objects. Those objects themselves don't expose relation getters. Instead, the session facade contains the methods for traversing the relations. | | The motivation for the ession facade approach is to have different implementations. One for DB with hibernate, one for LDAP and so on. | | | From jBPM perspective, what I would like is for the shared identity component to look like this: | | * a set of java classes with getters and setters also for the relation properties. | | * hibernate persistence for those classes | | * JSF UI components as building blocks to create a identity management console. | | Then portal can still leverage such a component as 1 implementation (the DB/hibernate impl) of their own identity abstraction interfaces. | | I don't think it is feasible in the short term to come up with an interface that suits all requirements and that can switch between DB, LDAP and maybe other stores like e.g. XML files. But I do think it is feasible to create 1 implementation of a DB-schema/Java objects/hibernate mappings that everyone can leverage, leaving the abstraction interfaces still to the individual projects. | | E.g. in our case, those abstraction interfaces are on a per-use-case basis: an assignment handler for assigning a task to a user or a set of candidates. and an email address resolver that converts user ids into email adresses. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097999#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...