directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Pike <clp...@psu.edu>
Subject Re: ARBAC and Role Grouping
Date Thu, 02 Jun 2016 12:50:43 GMT
Sorry, meant to respond to this sooner. I think they should probably go into separate trees
since it would give us more flexibility later on if needed.


----- Original Message -----
From: "Shawn McKinney" <smckinney@apache.org>
To: fortress@directory.apache.org
Sent: Saturday, May 14, 2016 4:44:09 PM
Subject: Re: ARBAC and Role Grouping

> On May 12, 2016, at 11:05 AM, Chris Pike <clp207@psu.edu> wrote:
> 
> If I understand what you are proposing, we would create role groups, and each role could
belong to 0 or 1 groups. ARBAC roles could then point at 0 to N groups?

The good news here is there is already a group data structure with apis in GroupMgr.  The
original intent for this was user grouping but it will work for roles as well.  There will
have to be a tweak to support both mappings.  We’ll need to think about how to differentiate.
 One idea is they could go in separate trees, another is to add a type attribute to the entry.

Shawn

Mime
View raw message