[security-dev] IDM API - Final review

David M. Lloyd david.lloyd at redhat.com
Mon Nov 26 16:14:05 EST 2012


I don't think the attribute API is really sophisticated enough for any 
nontrivial usage.  A string key will yield inconsistent naming policies 
and questions of key ownership.

There are two key use cases for that API that I can see:

1. User preference storage.  In this case, the user would have (perhaps 
indirect) access to these values for the purposes of changing their 
preferences and other user-controlled data.

2. Per-application, per-user information storage.  In this case the 
application might be storing non-role access or authorization 
information (e.g. how many of resource XYZ am I allotted?), or non-user 
controlled configuration.

On 11/20/2012 04:41 PM, Shane Bryzak wrote:
> I've updated the IdentityManager API based on the latest design, could
> everyone please take a couple of minutes to review and let me know if
> you spot any issues.  We'll probably do a time-boxed release (Anil,
> could you please confirm?) shortly so that projects consuming PLIDM can
> start building against the API.
>
> Thanks,
> Shane
>
>
> public interface IdentityManager {
>       void bootstrap(IdentityConfiguration configuration,
> IdentityStoreInvocationContextFactory contextFactory);
>
>       void setIdentityStoreFactory(IdentityStoreFactory factory);
>
>       // User
>
>       void createUser(User user);
>
>       void removeUser(User user);
>
>       void updateUser(User user);
>
>       User getUser(String name);
>
>       // Group
>
>       void createGroup(Group group);
>
>       void removeGroup(Group group);
>
>       Group getGroup(String groupId);
>
>       Group getGroup(String groupName, Group parent);
>
>       boolean isMember(IdentityType identityType, Group group);
>
>       void addToGroup(IdentityType identityType, Group group);
>
>       void removeFromGroup(IdentityType identityType, Group group);
>
>       // Roles
>
>       void createRole(Role role);
>
>       void removeRole(Role role);
>
>       Role getRole(String name);
>
>       boolean hasRole(IdentityType identityType, Role role, Group group);
>
>       void grantRole(IdentityType identityType, Role role, Group group);
>
>       void revokeRole(IdentityType identityType, Role role, Group group);
>
>       boolean hasApplicationRole(IdentityType identityType, Role role);
>
>       void grantApplicationRole(IdentityType identityType, Role role);
>
>       void revokeApplicationRole(IdentityType identityType, Role role);
>
>       // Query API
>
>       <T extends IdentityType> IdentityQuery<T> createQuery();
>
>       // Credential management
>
>       boolean validateCredential(User user, Credential credential);
>
>       void updateCredential(User user, Credential credential);
>
>       // User / Role / Group enablement / expiry
>
>       void setEnabled(IdentityType identityType, boolean enabled);
>
>       void setExpirationDate(IdentityType identityType, Date expirationDate);
>
>       IdentityType lookupIdentityByKey(String key);
>
>       // Attributes
>
>       void setAttribute(IdentityType identityType, Attribute<? extends
> Serializable> attribute);
>
>       <T extends Serializable> Attribute<T> getAttribute(IdentityType
> identityType, String attributeName);
>
>       void removeAttribute(IdentityType identityType, String attributeName);
>
>       // Realm
>
>       void createRealm(Realm realm);
>
>       void removeRealm(Realm realm);
>
>       Realm getRealm(String name);
>
>       // Tier
>
>       void createTier(Tier tier);
>
>       void removeTier(Tier tier);
>
>       Tier getTier(String id);
>
>       // Context
>
>       IdentityManager forRealm(Realm realm);
>
>       IdentityManager forTier(Tier tier);
> }
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>


-- 
- DML
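As an added illustration of the ownership and naming problem raised above (this is example code written for this page, not part of the thread and not PicketLink's API), the sketch below gives each attribute key an owning namespace, a value type and a write policy, so that two applications storing "quota" do not collide and a user cannot rewrite application-controlled data. The class names NamespacedAttributes, Key, Caller, AttributeStore and WritePolicy are all hypothetical, as are the sample applications "app-a" and "app-b".

```java
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

/*
 * Hypothetical sketch (not PicketLink code): attribute keys carry an owning
 * namespace, a value type and a write policy, so that "quota" stored by two
 * applications cannot collide and a user cannot rewrite application-owned data.
 */
public final class NamespacedAttributes {

    /** Who may write an attribute stored under a key. */
    enum WritePolicy { USER_CONTROLLED, APPLICATION_CONTROLLED }

    /** Typed, namespaced key; identity is (namespace, name), so no two owners share a slot. */
    static final class Key<T extends Serializable> {
        final String namespace;   // owning application id, or "user" for preferences
        final String name;
        final Class<T> type;
        final WritePolicy policy;

        Key(String namespace, String name, Class<T> type, WritePolicy policy) {
            this.namespace = namespace;
            this.name = name;
            this.type = type;
            this.policy = policy;
        }

        @Override public boolean equals(Object o) {
            if (!(o instanceof Key)) return false;
            Key<?> k = (Key<?>) o;
            return namespace.equals(k.namespace) && name.equals(k.name);
        }

        @Override public int hashCode() { return Objects.hash(namespace, name); }

        @Override public String toString() { return namespace + ":" + name; }
    }

    /** The principal performing a write: the user, or an application identified by its namespace. */
    static final class Caller {
        final String appNamespace;   // null when the caller is the user

        private Caller(String appNamespace) { this.appNamespace = appNamespace; }

        static Caller user() { return new Caller(null); }
        static Caller application(String namespace) { return new Caller(Objects.requireNonNull(namespace)); }

        boolean isUser() { return appNamespace == null; }
    }

    /** Per-identity attribute store that enforces key ownership on every write. */
    static final class AttributeStore {
        private final Map<Key<?>, Serializable> values = new HashMap<>();

        <T extends Serializable> void set(Caller caller, Key<T> key, T value) {
            boolean allowed = key.policy == WritePolicy.USER_CONTROLLED
                    ? caller.isUser()
                    : !caller.isUser() && caller.appNamespace.equals(key.namespace);
            if (!allowed) {
                throw new SecurityException("caller may not write " + key);
            }
            values.put(key, key.type.cast(value));   // runtime type check guards against raw-typed misuse
        }

        <T extends Serializable> T get(Key<T> key) {
            return key.type.cast(values.get(key));   // typed read: the consumer never parses a stringly value
        }
    }

    public static void main(String[] args) {
        // Constructed sample keys: two applications both call their attribute "quota".
        Key<Integer> quotaA = new Key<>("app-a", "quota", Integer.class, WritePolicy.APPLICATION_CONTROLLED);
        Key<Integer> quotaB = new Key<>("app-b", "quota", Integer.class, WritePolicy.APPLICATION_CONTROLLED);
        Key<String> theme = new Key<>("user", "theme", String.class, WritePolicy.USER_CONTROLLED);

        AttributeStore store = new AttributeStore();
        store.set(Caller.application("app-a"), quotaA, 10);
        store.set(Caller.application("app-b"), quotaB, 250);
        store.set(Caller.user(), theme, "dark");

        // No collision: each application reads back its own allotment.
        System.out.println(quotaA + " = " + store.get(quotaA) + ", " + quotaB + " = " + store.get(quotaB));

        // Ownership enforced: the user cannot raise their own allotment, and app-b cannot touch app-a's.
        for (Caller c : new Caller[] { Caller.user(), Caller.application("app-b") }) {
            try {
                store.set(c, quotaA, 1_000_000);
                System.out.println("unexpected: write accepted");
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The point of the sketch is that a bare String key leaves the store with no way to tell whose attribute it is or who is permitted to change it; once the key itself names the owner and the policy, both use cases described above (user-controlled preferences and application-controlled per-user data such as an allotment) can share one store without an application trusting values the user was free to edit.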

