[security-dev] IDM API - Final review
David M. Lloyd
david.lloyd at redhat.com
Mon Nov 26 16:14:05 EST 2012
I don't think the attribute API is really sophisticated enough for any
nontrivial usage. A string key will yield inconsistent naming policies
and questions of key ownership.
There are two key use cases for that API that I can see:
1. User preference storage. In this case, the user would have (perhaps
indirect) access to these values for the purposes of changing their
preferences and other user-controlled data.
2. Per-application, per-user information storage. In this case the
application might be storing non-role access or authorization
information (e.g. how many of resource XYZ am I allotted?), or non-user
controlled configuration.
On 11/20/2012 04:41 PM, Shane Bryzak wrote:
> I've updated the IdentityManager API based on the latest design; could
> everyone please take a couple of minutes to review and let me know if
> you spot any issues. We'll probably do a time-boxed release (Anil,
> could you please confirm?) shortly so that projects consuming PLIDM can
> start building against the API.
>
> Thanks,
> Shane
>
>
> public interface IdentityManager {
> void bootstrap(IdentityConfiguration configuration,
> IdentityStoreInvocationContextFactory contextFactory);
>
> void setIdentityStoreFactory(IdentityStoreFactory factory);
>
> // User
>
> void createUser(User user);
>
> void removeUser(User user);
>
> void updateUser(User user);
>
> User getUser(String name);
>
> // Group
>
> void createGroup(Group group);
>
> void removeGroup(Group group);
>
> Group getGroup(String groupId);
>
> Group getGroup(String groupName, Group parent);
>
> boolean isMember(IdentityType identityType, Group group);
>
> void addToGroup(IdentityType identityType, Group group);
>
> void removeFromGroup(IdentityType identityType, Group group);
>
> // Roles
>
> void createRole(Role role);
>
> void removeRole(Role role);
>
> Role getRole(String name);
>
> boolean hasRole(IdentityType identityType, Role role, Group group);
>
> void grantRole(IdentityType identityType, Role role, Group group);
>
> void revokeRole(IdentityType identityType, Role role, Group group);
>
> boolean hasApplicationRole(IdentityType identityType, Role role);
>
> void grantApplicationRole(IdentityType identityType, Role role);
>
> void revokeApplicationRole(IdentityType identityType, Role role);
>
> // Query API
>
> <T extends IdentityType> IdentityQuery<T> createQuery();
>
> // Credential management
>
> boolean validateCredential(User user, Credential credential);
>
> void updateCredential(User user, Credential credential);
>
> // User / Role / Group enablement / expiry
>
> void setEnabled(IdentityType identityType, boolean enabled);
>
> void setExpirationDate(IdentityType identityType, Date expirationDate);
>
> IdentityType lookupIdentityByKey(String key);
>
> // Attributes
>
> void setAttribute(IdentityType identityType, Attribute<? extends
> Serializable> attribute);
>
> <T extends Serializable> Attribute<T> getAttribute(IdentityType
> identityType, String attributeName);
>
> void removeAttribute(IdentityType identityType, String attributeName);
>
> // Realm
>
> void createRealm(Realm realm);
>
> void removeRealm(Realm realm);
>
> Realm getRealm(String name);
>
> // Tier
>
> void createTier(Tier tier);
>
> void removeTier(Tier tier);
>
> Tier getTier(String id);
>
> // Context
>
> IdentityManager forRealm(Realm realm);
>
> IdentityManager forTier(Tier tier);
> }
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>
--
- DML
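As an added illustration of the key-ownership problem raised above (this is not PicketLink IDM code; the `Owner`, `AttributeKey` and `OwnedAttributes` types are hypothetical): with a bare `String` key, a user-controlled preference write can silently overwrite an application-controlled authorization value stored under the same name, whereas a key that carries its owning namespace keeps the two apart and lets the store reject writes from the wrong party.

```java
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

// Hypothetical sketch, not PicketLink IDM code: an attribute key that records
// which party owns its namespace, so two callers cannot collide on "quota".
public final class OwnedAttributes {

    // The party that defines, and is allowed to write, the attribute.
    enum Owner { USER, APPLICATION }

    // Key = (owner, namespace, name, value type); record equality covers all four,
    // so identically named attributes from different owners are distinct entries.
    record AttributeKey<T extends Serializable>(Owner owner, String namespace, String name, Class<T> type) {}

    // Per-identity attribute store keyed by the full AttributeKey rather than a String.
    private final Map<AttributeKey<?>, Serializable> values = new HashMap<>();

    // A write is accepted only from the party that owns the key's namespace.
    public <T extends Serializable> void set(Owner caller, AttributeKey<T> key, T value) {
        if (caller != key.owner()) {
            throw new SecurityException(caller + " may not write " + key.namespace() + ":" + key.name());
        }
        values.put(key, value);
    }

    public <T extends Serializable> T get(AttributeKey<T> key) {
        return key.type().cast(values.get(key));
    }

    public static void main(String[] args) {
        OwnedAttributes attrs = new OwnedAttributes();

        // The application records how many of resource XYZ this user is allotted.
        AttributeKey<Integer> appQuota = new AttributeKey<>(Owner.APPLICATION, "billing", "quota", Integer.class);
        attrs.set(Owner.APPLICATION, appQuota, 5);

        // The user stores a preference under the very same name. With a bare String key
        // this would replace the application's value; here it lands under a separate key.
        AttributeKey<Integer> userQuota = new AttributeKey<>(Owner.USER, "prefs", "quota", Integer.class);
        attrs.set(Owner.USER, userQuota, 9999);
        System.out.println("application quota unchanged: " + attrs.get(appQuota));

        // A user-originated write aimed at the application's key is refused outright.
        try {
            attrs.set(Owner.USER, appQuota, 9999);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Requires Java 16 or later for records; the same separation could be expressed with a plain final class implementing `equals`/`hashCode` on older JDKs.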