directory-dev mailing list archives

From "Alex Karasulu" <akaras...@gmail.com>
Subject RE: [TSec convos]
Date Wed, 07 Nov 2007 02:54:45 GMT


> -----Original Message-----
> From: Niclas Hedhman [mailto:niclas@hedhman.org]

SNIP ...

> There is a difference in "Role" when talking "Roles of User" vs
> "Permissions of Role". Meaning: any organisation I have been involved
> with wants to view all their users as collections, often called Roles,
> e.g. "Senior Developer", "Network Administrator", "Chief Financial
> Officer" and so forth.
> Such Role(s) is/are "assigned" to a particular user.

I agree "assigned" is the verb often used to describe the user-role 
association.

> When looking at the application's Permission system, we are also
> talking Roles, as a set of Permissions that Alex is saying above.
> These roles are often defined by the application/resource itself.

Right!

> At Triplesec level, you want to be able to correlate that CFO (org
> role) implies the role "Finance Package Admin" (app role).
> 
> 
> Hope you can work out the different perspectives you guys have...

I think we have. Although we don't need groups for RBAC, we do need
them for Triplesec, since some groups will exist in Triplesec and others
will be phantom objects whose members are defined outside of
Triplesec, like in Active Directory. I'm looking into these details.

Alex



