[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [RS Issue] Internal Vs. External Users
Matt sent following comment on section 11.7 that describes Internal Vs. External Users. "This section exists, IMO, due to poor design. Why is there even a concept of internal and external users and organizations? The registry should define an abstract PrincipalProvider service, and treat external and internal users equally as something that may or may not be managed by the registry." The registry historically since version 1 has served in the roles of an Identity Provider (manages users) and an Authentication Authority ( validates user credentials). Thus a registry prior to version 3 allowed users to be stored internal to the registry. With version 3 we allow the Identity Provider and Authentication Authority functions to be provided by an external SAML Authority such as an Access Manager service. Depending upon deployment situations a registry MAY manage users itself or leverage an external service to do so. This section is defining the behavior of how to handle cases where a user is bweing managed by an external service rather than the registry. If you have a specific proposal on how to address this issue please share and we can review the details. Thanks. -- Regards, Farrukh
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]