I guess an Application would be an Agent. Application role names could
either be scoped, i.e. "ApplicationName.RoleName" or I could generate a
unique id for the Role.getName() and add a special "applicationRoleName"
attribute. Then create a custom relationship between the Application's
Agent and each role.
Does that sound right? Should I scope the name, or generate a unique id and
add an attribute?
On 6/10/2013 6:28 PM, Bill Burke wrote:
I'm trying to figure out how to do the following scenario with the
IdentityManager API:
* A realm with N users
* A realm which manages X applications
* Each application has Y roles
* Users have role mappings for each of those roles
I'll need to be able to query:
* What are the applications in the realm
* What roles does a service have
* What are the role mappings for each service for a particular user
It looks like a Role only has a name. So, I can't have "admin" role for
each of my services and different role mappings per service. Would I
have to model this as different "partitions"? I see that you can create
"partitions", but how do you create relationships between "partitions"
or share users between partitions?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com