[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [provision] Reference Use Case: AuthCache
Gary, Jeff, I think the use case needs to better articulate on how building authorization cache relate to provisioning service ? Are we saying that RA relies on the provisioning service to provide access data and for that it builds an auth. cache ? Doron -----Original Message----- From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] Sent: Friday, August 20, 2004 10:22 PM To: Darran Rolls Cc: PSTC Subject: [provision] Reference Use Case: AuthCache Darran, Jeff Bohren suggested the following use case when we were discussing support for complex relationships. ----------------------------------------------------- An implementation of SPML 1.0 currently models each simple connection type as an attribute of a managed object (PSO). User group memberships are represented as values of a 'memberOf' attribute on each user object. This allows one to 'search', for example, for every user that is a member of the "AdminGroup" or is a member of the "NetworkAdminGroup". Code that builds an authorization cache does exactly this. All of the connections for each matching user will be returned as part of the user object. Each connection identifies the connected object. This makes it very easy to build an authorization cache. - The user identifier becomes a key in the map that is used to implement the cache. - The value corresponding to each key (user ID) is a list (or map) of group identifiers. To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro up.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]