This page contains topics supporting ongoing discussion at dev@syncope.apache.org.

Tracked as SYNCOPE-1281.

Requirements

Give Syncope the ability to define, map and query the rights that users own on external applications.

Design

Introduce two new entities:

  1. Application - with name and optional description
  2. Privilege - with name and optional specification. The specification is a binary field that can store arbitrary values, for example some descriptive JSON providing operational information about this privilege, such as { "method": "POST", "url": "/a/b/c" }; 3rd party applications can then provide their own interpretation.

An Application can have zero or more Privileges attached.

Roles can be associated with zero or more Privileges.
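
The model above as an added sketch, not Syncope code: the class and function names, the sample data and the exact-match reading of the specification are assumptions made for illustration. It resolves a user's Privileges on one Application through Roles, and treats a missing or unparseable specification as granting nothing.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Privilege:
    name: str
    application: str               # name of the owning Application
    spec: Optional[bytes] = None   # optional, opaque binary specification

@dataclass
class Application:
    name: str
    description: Optional[str] = None
    privileges: dict = field(default_factory=dict)   # zero or more Privileges

    def add(self, name, spec=None):
        self.privileges[name] = Privilege(name, self.name, spec)
        return self.privileges[name]

@dataclass
class Role:
    name: str
    privileges: set = field(default_factory=set)     # zero or more Privileges

def privileges_of(roles, app):
    """Query: the Privileges a user's Roles grant on one Application."""
    return {p for r in roles for p in r.privileges if p.application == app.name}

def is_allowed(roles, app, method, url):
    """Assumed 3rd-party interpretation: exact match on the spec's method and url."""
    for p in privileges_of(roles, app):
        try:
            spec = json.loads(p.spec) if p.spec else None
        except ValueError:         # spec is arbitrary bytes, so it may not be JSON
            continue
        if isinstance(spec, dict) and (spec.get("method"), spec.get("url")) == (method, url):
            return True
    return False                   # no spec, bad spec or no match: deny

# Constructed sample data
billing = Application("billing", "Invoicing back end")
crm = Application("crm")
post_abc = billing.add("post-abc", b'{ "method": "POST", "url": "/a/b/c" }')
export = billing.add("export")                       # Privilege without a spec
broken = billing.add("broken", b"\x89PNG not json")  # non-JSON binary spec
contacts = crm.add("contacts", b'{ "method": "GET", "url": "/contacts" }')
accountant = Role("accountant", {post_abc, export})
auditor = Role("auditor", {broken})
sales = Role("sales", {contacts})
```

Because the specification is free-form, each consuming application has to validate it before acting on it; here anything that is not a JSON object with matching fields results in a deny.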

 
