incubator-deltaspike-dev mailing list archives

From Boleslaw Dawidowicz <boleslaw.dawidow...@gmail.com>
Subject Re: [DISCUSS] DELTASPIKE-79 Authorization API - Identity Model
Date Tue, 24 Apr 2012 09:58:28 GMT
I started a separate thread about the Identity Management API today. However, as Gerard pointed out on
IRC, it may be wiser to not keep 4 different threads running in parallel around a similar domain.

I think pretty much everything that Shane suggested here around IdentityType, User, Group and Role
is in line with what I described for the IDM API. Therefore we could move the discussion there. The
only part left to discuss here is the Permission interface proposal then.

Bolek

On Apr 24, 2012, at 12:22 AM, Shane Bryzak wrote:

> One of the missing pieces from the current discussion on the Authorization API is the
> identity model.  At present we have a very simplistic User class, however we still need to
> add support for Group and Role.  My recommendation for this is to base it roughly on the design
> of the PicketLink API, which has a base interface called IdentityType:
> 
> 
> public interface IdentityType
> {
>     String getKey();
> }
> 
> The getKey() method returns a unique identifier for the User, Group or Role.  The User,
> Group and Role interfaces then extend IdentityType:
> 
> public interface User extends IdentityType
> {
>    String getId();
> }
> 
> getId() returns the username, the same as it currently does.
> 
> public interface Group extends IdentityType
> {
>    String getName();
> }
> 
> getName() returns the name of the group.
> 
> public interface Role extends IdentityType
> {
>    Group getGroup();
>    String getRoleName();
> }
> 
> getGroup() returns the role's group.
> getRoleName() returns the name of the role.
> 
> So, to extend on my e-mail of yesterday about Permission Management, the Permission class
> (which I did not describe at the time) would look like this:
> 
> public class Permission
> {
>    public IdentityType getRecipient();
>    public Object getResource();
>    public String operation;
> }
> 
> The recipient, being of type IdentityType, would then allow permissions to be granted
> to either a User, a Group or a Role.
> 
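
An added example (not code from this thread, DeltaSpike or PicketLink) of how a check could resolve grants made to a User, Group or Role recipient through the shared IdentityType key described above. The type-prefixed key format, the membership set supplied by the caller, the record implementations and hasPermission() are assumptions made for illustration; it needs Java 16 or later.

```java
import java.util.*;

public class PermissionCheckExample {
    // The four interfaces follow the proposal quoted above.
    interface IdentityType { String getKey(); }
    interface User extends IdentityType { String getId(); }
    interface Group extends IdentityType { String getName(); }
    interface Role extends IdentityType { Group getGroup(); String getRoleName(); }
    // Assumption: keys carry a type prefix so a user and a group that share a
    // name can never match each other's grants.
    record SimpleUser(String getId) implements User {
        public String getKey() { return "user:" + getId; }
    }
    record SimpleGroup(String getName) implements Group {
        public String getKey() { return "group:" + getName; }
    }
    record SimpleRole(Group getGroup, String getRoleName) implements Role {
        public String getKey() { return "role:" + getGroup.getName() + ":" + getRoleName; }
    }
    // Hypothetical immutable stand-in for the proposed Permission class.
    record Permission(IdentityType recipient, Object resource, String operation) {}
    // Default deny: access is granted only if some permission names this exact
    // resource and operation and its recipient is the user or one of the
    // identities (groups, roles) the user currently holds.
    static boolean hasPermission(User user, Set<IdentityType> memberships,
                                 List<Permission> granted, Object resource, String operation) {
        Set<String> keys = new HashSet<>();
        keys.add(user.getKey());
        for (IdentityType m : memberships) keys.add(m.getKey());
        for (Permission p : granted) {
            if (p.resource().equals(resource) && p.operation().equals(operation)
                    && keys.contains(p.recipient().getKey())) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Group staff = new SimpleGroup("staff");
        Role staffAdmin = new SimpleRole(staff, "admin");
        User alice = new SimpleUser("alice");      // constructed sample identities
        User staffUser = new SimpleUser("staff");  // same name as the group, different key
        List<Permission> granted = List.of(
            new Permission(staff, "report-42", "read"),
            new Permission(staffAdmin, "report-42", "delete"));
        System.out.println(hasPermission(alice, Set.of(staff), granted, "report-42", "read"));
        System.out.println(hasPermission(alice, Set.of(staff), granted, "report-42", "delete"));
        System.out.println(hasPermission(staffUser, Set.of(), granted, "report-42", "read"));
    }
}
```

Because recipients are compared only by getKey(), the key has to be unique across all three identity types, not just within one; otherwise a grant to a group could match a user with the same name.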

