OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Reference Use Case: AuthCache


Jeff Bohren suggested the following use case
when we were discussing support for complex relationships.

An implementation of SPML 1.0
currently models each simple connection type
as an attribute of a managed object (PSO).
User group memberships are represented as
values of a 'memberOf' attribute on each user object.

This allows one to 'search', for example,
for every user that is a member of the "AdminGroup"
or is a member of the "NetworkAdminGroup".
Code that builds an authorization cache does exactly this.

All of the connections for each matching user
will be returned as part of the user object.
Each connection identifies the connected object.
This makes it very easy to build an authorization cache.
- The user identifier becomes a key
  in the map that is used to implement the cache.
- The value corresponding to each key (user ID)
  is a list (or map) of group identifiers.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]