Re: [security-dev] IDM Realms and Applications - The Nitty Gritty

On 11/16/2012 06:25 AM, Bill Burke wrote: > I don't think your design incorporates the idea of a distributed > application: a set of services and websites that makes up one > application. In other words the fun SOA buzzword. Even the latest design? > > In my mind, you have a bunch of distributed services. Each service may > or may not have its own roles and role mappings. A user is allowed to > execute on a set of services and those services may call other services. > For example: a user may interact solely with Website A, but Website A > may need to interact with other services. > > So, the actors would be Realm, Applications, Services, Users. I'd like to see a specific example demonstrating this use case. Would it be possible for the services that make up a single application to simply share the roles defined by that application? Adding yet another layer to the current design is going to really complicate things further.