I started a separate thread about the Identity Management API today. However, as
Gerard pointed out on IRC, it may be wiser not to keep 4 different threads running
in parallel around a similar domain.
I think pretty much everything that Shane suggested here around IdentityType, User,
Group and Role is in line with what I described for the IDM API. Therefore we could
move the discussion there. The only part left to discuss here is the Permission
interface proposal then.
Bolek
On Apr 24, 2012, at 12:22 AM, Shane Bryzak wrote:
> One of the missing pieces from the current discussion on the Authorization
> API is the identity model. At present we have a very simplistic User class,
> however we still need to add support for Group and Role. My recommendation
> for this is to base it roughly on the design of the PicketLink API, which has
> a base interface called IdentityType:
>
>
> public interface IdentityType
> {
>     String getKey();
> }
>
> The getKey() method returns a unique identifier for the User, Group or Role.
> The User, Group and Role interfaces then extend IdentityType:
>
> public interface User extends IdentityType
> {
>     String getId();
> }
>
> getId() returns the username, the same as it currently does.
>
> public interface Group extends IdentityType
> {
>     String getName();
> }
>
> getName() returns the name of the group.
>
> public interface Role extends IdentityType
> {
>     Group getGroup();
>     String getRoleName();
> }
>
> getGroup() returns the role's group.
> getRoleName() returns the name of the role.
>
> So, to extend on my e-mail of yesterday about Permission Management, the
> Permission class (which I did not describe at the time) would look like this:
>
> public class Permission
> {
>     public IdentityType getRecipient();
>     public Object getResource();
>     public String operation;
> }
>
> The recipient, being of type IdentityType, would then allow permissions to be
> granted to either a User, a Group or a Role.
>
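
An added illustration, not part of the original thread and not PicketLink or project code: a sketch of how a check could resolve grants made to a User, Group or Role through getKey(). The Simple* records, the type-prefixed key format, the record form of Permission, hasPermission and the sample data are all assumptions made for the example; it needs Java 16 or later.

```java
import java.util.*;

public class PermissionCheckExample {
    // Interfaces as proposed in the quoted message.
    interface IdentityType { String getKey(); }
    interface User extends IdentityType { String getId(); }
    interface Group extends IdentityType { String getName(); }
    interface Role extends IdentityType { Group getGroup(); String getRoleName(); }
    // Hypothetical implementations. The type prefix in getKey() is an assumption:
    // it keeps a user and a group or role that share a name from sharing a key.
    record SimpleUser(String id) implements User {
        public String getKey() { return "user:" + id; }
        public String getId() { return id; }
    }
    record SimpleGroup(String name) implements Group {
        public String getKey() { return "group:" + name; }
        public String getName() { return name; }
    }
    record SimpleRole(Group group, String roleName) implements Role {
        public String getKey() { return "role:" + group.getKey() + ":" + roleName; }
        public Group getGroup() { return group; }
        public String getRoleName() { return roleName; }
    }
    // Simplified stand-in for the proposed Permission class.
    record Permission(IdentityType recipient, Object resource, String operation) {}

    // True if a grant for (resource, operation) names the user directly or one
    // of the groups/roles the user holds. Memberships are supplied by the caller.
    static boolean hasPermission(User user, Collection<? extends IdentityType> memberships,
                                 List<Permission> grants, Object resource, String operation) {
        Set<String> keys = new HashSet<>();
        keys.add(user.getKey());
        for (IdentityType m : memberships) keys.add(m.getKey());
        return grants.stream().anyMatch(p -> p.resource().equals(resource)
                && p.operation().equals(operation)
                && keys.contains(p.recipient().getKey()));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Group staff = new SimpleGroup("staff");
        Role staffAdmin = new SimpleRole(staff, "admin");
        User alice = new SimpleUser("alice");
        User admin = new SimpleUser("admin"); // user name equals the role name
        List<Permission> grants = List.of(new Permission(staff, "report-42", "read"),
                new Permission(staffAdmin, "report-42", "delete"));
        System.out.println(hasPermission(alice, List.of(staff), grants, "report-42", "read"));   // via group
        System.out.println(hasPermission(alice, List.of(staff), grants, "report-42", "delete")); // role not held
        System.out.println(hasPermission(admin, List.of(), grants, "report-42", "delete"));      // name clash only
    }
}
```

Because every grant is matched on getKey() alone, the check is only as sound as the uniqueness of keys across users, groups and roles.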