directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ole Ersoy <ole.er...@gmail.com>
Subject [Tripesec] Drive by Use Case / Use Example?
Date Sun, 28 Oct 2007 00:46:54 GMT
Hey Guys,

Seen tons of good material from both Alex and David so far, and I think I'm getting what Triplesec
is supposed to do in general.  I wonder if it might help to state use cases / concrete examples?
 Here's a quick example:

Use Case / Use Example
---------------------------------------------------
Allow user Joe read access to file below /home/commons/
on host 192.168.1.64
---------------------------------------------------

I think this would allow people on the list to say "Yeah - If I could centrally store the
rule that Joe should be allowed to read everything under /home/commons on 192.168.1.64 that
would be really valuable."   Also people would be able to focus in on the example and ask
more questions about it, and each mail thread would be focus on each use case.

Then we could keep enumerating all the scenarios until everything is covered like:

Use Case
---------------------------------------------------
Allow user Joe write access to files below /home/commons/only-joe/
on host 192.168.1.64
---------------------------------------------------

Use Case
---------------------------------------------------
Allow user Apache read access to files below /var/www/html/
on host 192.168.1.64
---------------------------------------------------

(The above are the same use cases / examples.  I personally get the "Aha!" feeling quicker
with lots of examples with minor variations, such as as this with one with user being a human
user in the first case and a daemon in the second...).


Use Case
---------------------------------------------------
Create a Role JoeRole
---------------------------------------------------

Use Case
---------------------------------------------------
Assign User Joe to JoeRole
---------------------------------------------------
etc

These use cases could be put in separate thread so that so that each could be discussed separately
from everything else.  In this last case, people might ask "How would I define Joe Programatically?",
"Why would I assign Joe to JoeRole?" or "What if I wanted to assign JoeRole to JoeDaddyRole?",
"Who's your Daddy?", etc.

Anyways, just an idea.  I'm off vacation for seven days, so sorry if I don't get a chance
to respond right away, if anyone comments on this.

Cheers,
- Ole




Mime
View raw message