On Nov 16, 2012, at 1:33 AM, Bill Burke <bburke(a)redhat.com> wrote:
On 11/15/2012 4:55 PM, Shane Bryzak wrote:
> On 11/16/2012 06:25 AM, Bill Burke wrote:
>> I don't think your design incorporates the idea of a distributed
>> application: a set of services and websites that makes up one
>> application. In other words the fun SOA buzzword.
>
> Even the latest design?
>
>>
>> In my mind, you have a bunch of distributed services. Each service may
>> or may not have its own roles and role mappings. A user is allowed to
>> execute on a set of services and those services may call other services.
>> For example: a user may interact solely with Website A, but Website A
>> may need to interact with other services.
>>
>> So, the actors would be Realm, Applications, Services, Users.
>
> I'd like to see a specific example demonstrating this use case. Would it
> be possible for the services that make up a single application to simply
> share the roles defined by that application? Adding yet another layer to
> the current design is going to really complicate things further.
>
A user might be "admin" for one service, but not "admin" for a different
service. Service "A" might want to invoke on Service "B" on behalf of
the user. Doesn't that have to be conveyed in the model somehow?
And where is realm in this scenario? Because if you map Services A and B as Application
from Shane's model it would quite match. Then Realm provides additional scoping.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev