[jboss-dev-forums] [Design of JBoss jBPM] - Re: Identity module as an implementation of a service?

[tom.baeyens@jboss.com]

the identity module is pluggable in the interfaces AssignmentHandler and some other that i don't remember.

the difficulty of defining a service for the identity component is that such a service interface would have to adopt a certain model between users, groups, roles, permissions and perhaps other things.  the problem is that you cannot find a single model that matches all the models in any organisation.  so with the service approach you end up mapping the users user-role model onto the model defined in the jbpm identity service.  somehting which will be problematic in many cases.

ideally, there would be a 2 level approach.  an identity service, for wihch you could plug different implementations (e.g. DB or LDAP based) and if the model is too different, people could still write their own assignment handlers and the other interface i don't remember.  but even that has its problems as the navigation of the relations is in case of DB/hibernate based on lazy loading, whereas in an LDAP you would have to put the relation navigation methods in the service interface.

i realize this might be too little explanation for a  lot of reasoning.  feel free to ask more info or to challenge the reasoning.

regards, tom.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018468#4018468

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018468