REST API for user provisioning - security-dev - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

REST API for user provisioning

PicketLink 3.0 Roadmap

Undertow in AS8

Anil Saldhana

Friday, 8 March 2013 Fri, 8 Mar '13

2:53 p.m.

Hi All, now that we have an excellent IDM subsystem as part of PicketLink3, we need to next look at incorporating SCIM (http://www.simplecloud.info/), a set of standards surrounding REST API for Cloud Provisioning. SCIM is part of the IETF. Probably in the PicketLink 3.1+ timeframe. Regards, Anil

Reply

Show replies by date

Shane Bryzak

Friday, 8 March Fri, 8 Mar

4:58 p.m.

Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can already support most of this already with our identity model, although for complex types it might be a little bit of a challenge. I guess one possibility though is to just make the Attribute value an array of Attributes itself. On 09/03/13 06:53, Anil Saldhana wrote:

Hi All, now that we have an excellent IDM subsystem as part of PicketLink3, we need to next look at incorporating SCIM (http://www.simplecloud.info/), a set of standards surrounding REST API for Cloud Provisioning. SCIM is part of the IETF. Probably in the PicketLink 3.1+ timeframe. Regards, Anil _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Anil Saldhana

5:12 p.m.

SCIM 2 is still being developed at the IETF. I think for now we need to target v1.1 On Mar 8, 2013, at 4:58 PM, Shane Bryzak <sbryzak(a)redhat.com> wrote:

Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can already support most of this already with our identity model, although for complex types it might be a little bit of a challenge. I guess one possibility though is to just make the Attribute value an array of Attributes itself. On 09/03/13 06:53, Anil Saldhana wrote: > Hi All, > now that we have an excellent IDM subsystem as part of PicketLink3, > we need to next look at incorporating SCIM > (http://www.simplecloud.info/), a set of standards surrounding REST API > for Cloud Provisioning. SCIM is part of the IETF. > > Probably in the PicketLink 3.1+ timeframe. > > Regards, > Anil > > _______________________________________________ > security-dev mailing list > security-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/security-dev _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Pedro Igor Silva

Monday, 11 March Mon, 11 Mar

8 a.m.

Maybe we can review the Attribute API and have something like that: User user = // create user user.setAttribute(Attribute.create("profileUrl", "http://company/users/profile?id=121")); // the same as new Attribute("",""), just a helper method Attribute addresses = Attribute .create("addresses") // parent, no value defined .add("address1") // child of "addresses" and also a parent .add("postalCode", "123") .add("streetAddress", "123") .add("multivalued", "1","2") // multi-valued attribute for "address1" .add("address2") .add("postalCode", "456") .add("streetAddress", "456") user.setAttribute(addresses); Another thing we can review is the getEmail method on the User interface. Maybe we should support a String array to allow 1+ emails for users. Regards. Pedro Igor ----- Original Message ----- From: "Shane Bryzak" <sbryzak(a)redhat.com> To: security-dev(a)lists.jboss.org Sent: Friday, March 8, 2013 7:58:31 PM Subject: Re: [security-dev] REST API for user provisioning Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can already support most of this already with our identity model, although for complex types it might be a little bit of a challenge. I guess one possibility though is to just make the Attribute value an array of Attributes itself. On 09/03/13 06:53, Anil Saldhana wrote:

Hi All, now that we have an excellent IDM subsystem as part of PicketLink3, we need to next look at incorporating SCIM (http://www.simplecloud.info/), a set of standards surrounding REST API for Cloud Provisioning. SCIM is part of the IETF. Probably in the PicketLink 3.1+ timeframe. Regards, Anil _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

_______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Anil Saldhana

2:19 p.m.

On 03/11/2013 08:00 AM, Pedro Igor Silva wrote:

Maybe we can review the Attribute API and have something like that: User user = // create user user.setAttribute(Attribute.create("profileUrl", "http://company/users/profile?id=121")); // the same as new Attribute("",""), just a helper method Attribute addresses = Attribute .create("addresses") // parent, no value defined .add("address1") // child of "addresses" and also a parent .add("postalCode", "123") .add("streetAddress", "123") .add("multivalued", "1","2") // multi-valued attribute for "address1" .add("address2") .add("postalCode", "456") .add("streetAddress", "456") user.setAttribute(addresses); Another thing we can review is the getEmail method on the User interface. Maybe we should support a String array to allow 1+ emails for users.

Good question. Users typically have a primary email and a secondary email. They may also qualify the email addresses such as work email, personal email etc. Is it better to use the attributes in this case?

Regards. Pedro Igor ----- Original Message ----- From: "Shane Bryzak" <sbryzak(a)redhat.com> To: security-dev(a)lists.jboss.org Sent: Friday, March 8, 2013 7:58:31 PM Subject: Re: [security-dev] REST API for user provisioning Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can already support most of this already with our identity model, although for complex types it might be a little bit of a challenge. I guess one possibility though is to just make the Attribute value an array of Attributes itself. On 09/03/13 06:53, Anil Saldhana wrote: > Hi All, > now that we have an excellent IDM subsystem as part of PicketLink3, > we need to next look at incorporating SCIM > (http://www.simplecloud.info/), a set of standards surrounding REST API > for Cloud Provisioning. SCIM is part of the IETF. > > Probably in the PicketLink 3.1+ timeframe. > > Regards, > Anil

Reply

Shane Bryzak

3:36 p.m.

On 11/03/13 23:00, Pedro Igor Silva wrote:

Maybe we can review the Attribute API and have something like that: User user = // create user user.setAttribute(Attribute.create("profileUrl", "http://company/users/profile?id=121")); // the same as new Attribute("",""), just a helper method Attribute addresses = Attribute .create("addresses") // parent, no value defined .add("address1") // child of "addresses" and also a parent .add("postalCode", "123") .add("streetAddress", "123") .add("multivalued", "1","2") // multi-valued attribute for "address1" .add("address2") .add("postalCode", "456") .add("streetAddress", "456") user.setAttribute(addresses);

-1 on the static create() method, what advantage does it provide over just using the constructor? For this use case I think I would prefer to create a Serializable Address class rather than try to persist an address value as a collection of weakly-typed values. In fact, I think we should be providing a package that contains a bunch of commonly useful Attribute value classes; address, phone number, SSN, e-mail etc. Then all we need to do is this: Collection<Address> values = new ArrayList<Address>(); Address addr = new Address(); addr.setStreetNumber("123"); addr.setStreetName("Main"); // etc values.add(addr); Attribute addresses = new Attribute("addresses", values);

Another thing we can review is the getEmail method on the User interface. Maybe we should support a String array to allow 1+ emails for users.

It is important to maintain a primary e-mail address for the user, for additional e-mail addresses they can be stored as attributes.

Regards. Pedro Igor ----- Original Message ----- From: "Shane Bryzak" <sbryzak(a)redhat.com> To: security-dev(a)lists.jboss.org Sent: Friday, March 8, 2013 7:58:31 PM Subject: Re: [security-dev] REST API for user provisioning Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can already support most of this already with our identity model, although for complex types it might be a little bit of a challenge. I guess one possibility though is to just make the Attribute value an array of Attributes itself. On 09/03/13 06:53, Anil Saldhana wrote: > Hi All, > now that we have an excellent IDM subsystem as part of PicketLink3, > we need to next look at incorporating SCIM > (http://www.simplecloud.info/), a set of standards surrounding REST API > for Cloud Provisioning. SCIM is part of the IETF. > > Probably in the PicketLink 3.1+ timeframe. > > Regards, > Anil > > _______________________________________________ > security-dev mailing list > security-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/security-dev _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Pedro Igor Silva

6 p.m.

----- Original Message -----

From: "Shane Bryzak" <sbryzak(a)redhat.com> To: "Pedro Igor Silva" <psilva(a)redhat.com> Cc: security-dev(a)lists.jboss.org Sent: Monday, March 11, 2013 5:36:48 PM Subject: Re: [security-dev] REST API for user provisioning On 11/03/13 23:00, Pedro Igor Silva wrote: > Maybe we can review the Attribute API and have something like that: > > User user = // create user > > user.setAttribute(Attribute.create("profileUrl", > "http://company/users/profile?id=121")); // the same as new > Attribute("",""), just a helper method > > Attribute addresses = Attribute > > .create("addresses") // parent, no value defined > > .add("address1") // child of "addresses" and also a parent > .add("postalCode", "123") > .add("streetAddress", "123") > .add("multivalued", "1","2") // multi-valued attribute > for "address1" > > .add("address2") > .add("postalCode", "456") > .add("streetAddress", "456") > > user.setAttribute(addresses); -1 on the static create() method, what advantage does it provide over just using the constructor?

No special advantage. Just wanted to show the idea.

For this use case I think I would prefer to create a Serializable Address class rather than try to persist an address value as a collection of weakly-typed values. In fact, I think we should be providing a package that contains a bunch of commonly useful Attribute value classes; address, phone number, SSN, e-mail etc. Then all we need to do is this: Collection<Address> values = new ArrayList<Address>(); Address addr = new Address(); addr.setStreetNumber("123"); addr.setStreetName("Main"); // etc values.add(addr); Attribute addresses = new Attribute("addresses", values);

Works too, in a typed manner. My idea was more generic and, of course, weakly-typed.

> > Another thing we can review is the getEmail method on the User > interface. Maybe we should support a String array to allow 1+ > emails for users. It is important to maintain a primary e-mail address for the user, for additional e-mail addresses they can be stored as attributes. > > Regards. > Pedro Igor > > ----- Original Message ----- > From: "Shane Bryzak" <sbryzak(a)redhat.com> > To: security-dev(a)lists.jboss.org > Sent: Friday, March 8, 2013 7:58:31 PM > Subject: Re: [security-dev] REST API for user provisioning > > Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can > already support most of this already with our identity model, > although > for complex types it might be a little bit of a challenge. I guess > one > possibility though is to just make the Attribute value an array of > Attributes itself. > > On 09/03/13 06:53, Anil Saldhana wrote: >> Hi All, >> now that we have an excellent IDM subsystem as part of >> PicketLink3, >> we need to next look at incorporating SCIM >> (http://www.simplecloud.info/), a set of standards surrounding >> REST API >> for Cloud Provisioning. SCIM is part of the IETF. >> >> Probably in the PicketLink 3.1+ timeframe. >> >> Regards, >> Anil >> >> _______________________________________________ >> security-dev mailing list >> security-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/security-dev > _______________________________________________ > security-dev mailing list > security-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Anil Saldhana

Wednesday, 17 April Wed, 17 Apr

12:48 p.m.

Bolek/Stian, I just put together some preliminary SCIM codebase under the picketlink/scim module. Take a look. It is very early that does create/get users and groups. I am hoping Marko can help out filling the gaps a bit. Regards, Anil On 03/11/2013 08:00 AM, Pedro Igor Silva wrote:

Maybe we can review the Attribute API and have something like that: User user = // create user user.setAttribute(Attribute.create("profileUrl", "http://company/users/profile?id=121")); // the same as new Attribute("",""), just a helper method Attribute addresses = Attribute .create("addresses") // parent, no value defined .add("address1") // child of "addresses" and also a parent .add("postalCode", "123") .add("streetAddress", "123") .add("multivalued", "1","2") // multi-valued attribute for "address1" .add("address2") .add("postalCode", "456") .add("streetAddress", "456") user.setAttribute(addresses); Another thing we can review is the getEmail method on the User interface. Maybe we should support a String array to allow 1+ emails for users. Regards. Pedro Igor ----- Original Message ----- From: "Shane Bryzak" <sbryzak(a)redhat.com> To: security-dev(a)lists.jboss.org Sent: Friday, March 8, 2013 7:58:31 PM Subject: Re: [security-dev] REST API for user provisioning Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can already support most of this already with our identity model, although for complex types it might be a little bit of a challenge. I guess one possibility though is to just make the Attribute value an array of Attributes itself. On 09/03/13 06:53, Anil Saldhana wrote: > Hi All, > now that we have an excellent IDM subsystem as part of PicketLink3, > we need to next look at incorporating SCIM > (http://www.simplecloud.info/), a set of standards surrounding REST API > for Cloud Provisioning. SCIM is part of the IETF. > > Probably in the PicketLink 3.1+ timeframe. > > Regards, > Anil >

Reply

Bolesław Dawidowicz

Thursday, 18 April Thu, 18 Apr

2:01 a.m.

Thanks Anil! I hope by Monday call we'll be able to discuss how to drive it further. On 04/17/2013 07:48 PM, Anil Saldhana wrote:

Bolek/Stian, I just put together some preliminary SCIM codebase under the picketlink/scim module. Take a look. It is very early that does create/get users and groups. I am hoping Marko can help out filling the gaps a bit. Regards, Anil On 03/11/2013 08:00 AM, Pedro Igor Silva wrote: > Maybe we can review the Attribute API and have something like that: > > User user = // create user > > user.setAttribute(Attribute.create("profileUrl", "http://company/users/profile?id=121")); // the same as new Attribute("",""), just a helper method > > Attribute addresses = Attribute > > .create("addresses") // parent, no value defined > > .add("address1") // child of "addresses" and also a parent > .add("postalCode", "123") > .add("streetAddress", "123") > .add("multivalued", "1","2") // multi-valued attribute for "address1" > > .add("address2") > .add("postalCode", "456") > .add("streetAddress", "456") > > user.setAttribute(addresses); > > Another thing we can review is the getEmail method on the User interface. Maybe we should support a String array to allow 1+ emails for users. > > Regards. > Pedro Igor > > ----- Original Message ----- > From: "Shane Bryzak" <sbryzak(a)redhat.com> > To: security-dev(a)lists.jboss.org > Sent: Friday, March 8, 2013 7:58:31 PM > Subject: Re: [security-dev] REST API for user provisioning > > Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can > already support most of this already with our identity model, although > for complex types it might be a little bit of a challenge. I guess one > possibility though is to just make the Attribute value an array of > Attributes itself. > > On 09/03/13 06:53, Anil Saldhana wrote: >> Hi All, >> now that we have an excellent IDM subsystem as part of PicketLink3, >> we need to next look at incorporating SCIM >> (http://www.simplecloud.info/), a set of standards surrounding REST API >> for Cloud Provisioning. SCIM is part of the IETF. >> >> Probably in the PicketLink 3.1+ timeframe. >> >> Regards, >> Anil >> _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Anil Saldhana

10:23 a.m.

It is just a prototype with all the hooks that need to be tied together. But the basic framework is in place for Pull Requests to be sent. On 04/18/2013 02:01 AM, Bolesław Dawidowicz wrote:

Thanks Anil! I hope by Monday call we'll be able to discuss how to drive it further. On 04/17/2013 07:48 PM, Anil Saldhana wrote: > Bolek/Stian, > I just put together some preliminary SCIM codebase under the > picketlink/scim module. Take a look. It is very early that does > create/get users and groups. > > I am hoping Marko can help out filling the gaps a bit. > > Regards, > Anil > > On 03/11/2013 08:00 AM, Pedro Igor Silva wrote: >> Maybe we can review the Attribute API and have something like that: >> >> User user = // create user >> >> user.setAttribute(Attribute.create("profileUrl", "http://company/users/profile?id=121")); // the same as new Attribute("",""), just a helper method >> >> Attribute addresses = Attribute >> >> .create("addresses") // parent, no value defined >> >> .add("address1") // child of "addresses" and also a parent >> .add("postalCode", "123") >> .add("streetAddress", "123") >> .add("multivalued", "1","2") // multi-valued attribute for "address1" >> >> .add("address2") >> .add("postalCode", "456") >> .add("streetAddress", "456") >> >> user.setAttribute(addresses); >> >> Another thing we can review is the getEmail method on the User interface. Maybe we should support a String array to allow 1+ emails for users. >> >> Regards. >> Pedro Igor >> >> ----- Original Message ----- >> From: "Shane Bryzak" <sbryzak(a)redhat.com> >> To: security-dev(a)lists.jboss.org >> Sent: Friday, March 8, 2013 7:58:31 PM >> Subject: Re: [security-dev] REST API for user provisioning >> >> Would we be targeting SCIM 1.1 or 2.0? Also, it looks like we can >> already support most of this already with our identity model, although >> for complex types it might be a little bit of a challenge. I guess one >> possibility though is to just make the Attribute value an array of >> Attributes itself. >> >> On 09/03/13 06:53, Anil Saldhana wrote: >>> Hi All, >>> now that we have an excellent IDM subsystem as part of PicketLink3, >>> we need to next look at incorporating SCIM >>> (http://www.simplecloud.info/), a set of standards surrounding REST API >>> for Cloud Provisioning. SCIM is part of the IETF. >>> >>> Probably in the PicketLink 3.1+ timeframe. >>> >>> Regards, >>> Anil >>> >>>

Reply

4237

days inactive

4278

days old

security-dev@lists.jboss.org

Manage subscription

9 comments

5 participants

tags (0)

participants (5)

Anil Saldhana
Anil Saldhana
Bolesław Dawidowicz
Pedro Igor Silva
Shane Bryzak