directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shawn McKinney (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FC-144) Ability to assign groups to roles
Date Mon, 25 Jul 2016 17:11:20 GMT

    [ https://issues.apache.org/jira/browse/FC-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15392308#comment-15392308
] 

Shawn McKinney commented on FC-144:
-----------------------------------

OK, for some reason I thought there might be a mapping there.  Of the other two options, group
to role makes the most sense.  Not breaking or violating anything, but it is another relationship
to manage.  Nothing difficult, just work.  Seems like I estimated this some time back to be
1 - 4 weeks of work to get all of the components updated, new test cases written, released,
etc...  

The wildcard here is the openldap accelerator which isn't part of the apache directory project
and would have to be handled separately.

> Ability to assign groups to roles
> ---------------------------------
>
>                 Key: FC-144
>                 URL: https://issues.apache.org/jira/browse/FC-144
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 1.0.0-RC40
>            Reporter: Florin Stingaciu
>
> We are currently working on performing an integration between Openstack Keystone and
Fortress Core. We will use Fortress as the authorization backend for the rest of Openstack.
We have managed to map most of the current functionality in Openstack within the Fortress
schema except for the ability to assign roles to a group. 
> I've spoken with [~smckinney], and he determined this improvement is a feasible addition
to Fortress's feature set. After a number of back and forths, we have come up with the following
requirements as API additions:
> * Session createSession (Group group, boolean isTrusted);
> * void assignGroup ( Group group, Role role );
> * List<Group> roleGroups ( Role role );
> * List<Role> groupRoles ( Group group );
> * the ability to use the above session with checkAccess(Session session, Permission perm)
> We also discussed temporal constrains for group to role assignment. Temporal constrains
will not be utilized as this functionality has not been defined in Openstack.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message