From: Francesco Chicchiriccò
To: dev@syncope.apache.org
Subject: Re: [DISCUSS] User requests
Date: Tue, 11 Sep 2018 16:55:40 +0200
Message-ID: <2c57967f-ebe1-0004-211f-20066671b249@apache.org>
In-Reply-To: <29f508a5-29a5-7de4-ad06-523133cbcbd2@apache.org>

Hi all,
no objections, hence I created

https://issues.apache.org/jira/browse/SYNCOPE-1369

Regards.

On 07/09/2018 14:52, Francesco Chicchiriccò wrote:
> On 06/09/2018 12:31, Francesco Chicchiriccò wrote:
>> Hi all,
>> I have been lately involved in some considerations around user
>> workflow, approvals and user requests.
>>
>> As stated in [1], "Workflow manages the internal identity lifecycle
>> by defining statuses and transitions that every user, group or any
>> object in Apache Syncope will traverse.".
>> For users, the Flowable adapter is available [2] (Activiti up to
>> Syncope 2.0), which allows defining approvals [3] as additional
>> steps to traverse, to which approval forms are bound.
>>
>> So far, so good.
>>
>> The current approval forms can be seen as a particular case of a more
>> general concept, e.g. user requests - a core concept of Identity
>> Governance (IGA).
>>
>> With user requests, users can initiate whichever request among the
>> ones defined, for example "assign me a mobile phone" or "give me
>> those groups on AD", for them or on behalf of others; once initiated,
>> such requests can then follow their own path, which might include one
>> or more approval steps.
>> There is also no limitation on the number of concurrent requests that
>> a user can initiate.
>>
>> Unfortunately, I came to the conclusion that our current
>> implementation is not able to properly implement the user requests as
>> briefly outlined above; among other things, the impossibility to
>> handle more than an approval process at a time, per user.
>>
>> Hence, a major refactoring is needed; I propose to:
>>
>> 1. remove the current Flowable user workflow adapter
>
> After some further considerations, I think that this statement could
> be reformulated as
>
> 1. remove approvals features from the current Flowable user workflow
> adapter
>
> leaving it still open for usage in Syncope 2.1 and future releases,
> but only to manage the internal user lifecycle and *not* for approvals
> - which will be anyway replaced by user requests.
>
>> 2. power up the DefaultUserWorkflowAdapter to allow easier injection
>> of custom logic, with the usual way we already take for PullActions,
>> PushActions, RealmActions etc, e.g. WorkflowActions
>> 3. define a new UserRequest entity, which includes at least
>>    3.1 some triggering conditions
>>    3.2 a Flowable workflow definition, possibly containing approval
>> form(s)
>> 4. adjust REST services, Admin Console and Enduser UI to cope with
>> the new UserRequest concept
>>
>> In my idea, the changes above should take place in the 2_1_X branch
>> (and thus be likely available with Syncope 2.1.2), along with proper
>> upgrade instructions from Syncope 2.1.1.
>>
>> WDYT?
>> Regards.
>>
>> [1]
>> https://ci.apache.org/projects/syncope/2_1_X/reference-guide.html#workflow
>> [2]
>> https://ci.apache.org/projects/syncope/2_1_X/reference-guide.html#flowable-user-workflow-adapter
>> [3]
>> https://ci.apache.org/projects/syncope/2_1_X/reference-guide.html#approval

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/