directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: [Triplesec]
Date Thu, 23 Aug 2007 21:04:17 GMT
Hi Matthieu,

sorry for the delay, we are just in the middle of the next release 
(1.5.1 is due very soon), so we have very few CPU cycle to process your 

Please feel free to ping us again if you get no answer in the next few 
days !


metcox a écrit :

>In my application I use  Apache directory Server - but the application
>should be pluggable with any other directory - and the triplesec api
>to manage authentication and authorization.
>With this combination I can add a grant to a role without having to
>define the related permission.
>I know it's not possible with a full triplesec solution but it's
>something I'm looking for because I need to add dynamic grants. It
>means an application admin (or a user which is able to add grants to
>another user) could build a grant.
>For instance:
>"viewjob JOB" - the user is able to see the job JOB
>"viewjob *" - the user is able to see all the jobs
>or more complicated "viewjob *[status='SUCCESS']" - view all the job
>with success status.
>So this kind of permission can't already exist, or be created on the
>fly without a complex permission management:
>- if the permission don't already exist -> create a new one
>- if the grant is removed -> delete the permission or another user
>have this permission?
>- if the grant is rename -> remove the permission and create a new
>one, or just rename the permission?
>So my questions are:
>- Is it possible to use triplesec api (guardian and admin) without
>using the triplesec server. For instance, can I use the guardian api
>with a OpenLdap server?
>- is it possible to add grants to a role (or a profile) without having
>to define a related permission?

View raw message