directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From metcox <met...@gmail.com>
Subject [Triplesec] external directory and grant management (Was Re: [Triplesec])
Date Thu, 23 Aug 2007 11:22:16 GMT
sorry I've forgotten to add a subject :)

Mathieu

2007/8/23, metcox <metcox@gmail.com>:
> Hi,
>
> In my application I use  Apache directory Server - but the application
> should be pluggable with any other directory - and the triplesec api
> to manage authentication and authorization.
> With this combination I can add a grant to a role without having to
> define the related permission.
> I know it's not possible with a full triplesec solution but it's
> something I'm looking for because I need to add dynamic grants. It
> means an application admin (or a user which is able to add grants to
> another user) could build a grant.
> For instance:
> "viewjob JOB" - the user is able to see the job JOB
> "viewjob *" - the user is able to see all the jobs
> or more complicated "viewjob *[status='SUCCESS']" - view all the job
> with success status.
> So this kind of permission can't already exist, or be created on the
> fly without a complex permission management:
> - if the permission don't already exist -> create a new one
> - if the grant is removed -> delete the permission or another user
> have this permission?
> - if the grant is rename -> remove the permission and create a new
> one, or just rename the permission?
>
> So my questions are:
> - Is it possible to use triplesec api (guardian and admin) without
> using the triplesec server. For instance, can I use the guardian api
> with a OpenLdap server?
> - is it possible to add grants to a role (or a profile) without having
> to define a related permission?
>
> Regards,
>
> Mathieu
>

Mime
View raw message