syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-1152) Clear out unneeded anonymous authenticated services
Date Tue, 11 Jul 2017 15:47:00 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-1152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16082408#comment-16082408
] 

ASF subversion and git services commented on SYNCOPE-1152:
----------------------------------------------------------

Commit 6d086d5f3a6b2ff34398941113c14f044b7dde0f in syncope's branch refs/heads/2_0_X from
[~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=6d086d5 ]

[SYNCOPE-1152] Cleanup complete


> Clear out unneeded anonymous authenticated services
> ---------------------------------------------------
>
>                 Key: SYNCOPE-1152
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1152
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core, enduser
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 2.0.5, 2.1.0
>
>
> Following the [discussion|https://wilderness.apache.org/channels/?f=apache-syncope/2017-06-28]
we had on IRC with [~coheigea], it seems that a few Entitlements, not available since earlier
versions, might be re-introduced, to properly control access to the related REST services:
> * GROUP_LIST
> * RESOURCE_LIST
> * ANYTYPE_LIST
> * ANYTYPECLASS_LIST
> * SCHEMA_LIST
> * SECURITY_QUESTION_LIST
> * REALM_LIST
> The rationale not to have such Entitlements in Syncope 1.x was that the related information
had to be made available during self-registration.
> Now that we have the Enduser UI, however, it seems that it is possible to
> # introduce dedicated REST endpoint(s) to serve such content for self-registration, with
minimal information (for example only group names, no need to provide extra information as
attributes, type extensions, etc.)
> # restore appropriate access control for the REST endpoints to be accessed for administrative
purposes



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message