----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Cc: security-dev(a)lists.jboss.org
Sent: Tuesday, June 11, 2013 12:18:32 PM
Subject: Re: [security-dev] how to model services managed by a realm

On 6/11/2013 10:58 AM, Pedro Igor Silva wrote:
> The main idea behind tiers is to share roles/groups between realms. And
> not tie them to a specific realm. From the documentation:
>
> "A Tier is a more restrictive type of partition than a realm, as it
> only allows groups and roles to
> be defined (but not users). A Tier may be used to define a set of
> application-specific groups and
> roles, which may then be assigned to groups within the same Tier, or to
> users and groups within
> a separate Realm."
>
> I think I have discussed that with Shane some time ago about attributes
> on partitions. Need to recall that. But I agree that partition-scoped
> attributes can be handy.
>
Ok, yet another roadblock I've run into is that it seems you cannot
create tiers or realms on the fly. It looks like all Realms and
Tiers you want to have must be known and pre-configured before you
create the IdentityManagerFactory.

If I understand the code correctly, an IdentityManagerFactory acts as a
cache for all realms and tiers stored under it? So, being able to
add/remove tiers/realms on the fly would be pretty key.

I'll open a JIRA; it would be nice to have feedback from Shane too.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com