OASIS Mailing List Archives

provision message


Subject: RE: [provision] Reference Use Case: AuthCache

Gary, Jeff, 

I think the use case needs to better articulate how building an
authorization cache relates to the provisioning service? Are we saying that RA
relies on the provisioning service to provide access data and for that it
builds an auth. cache?


-----Original Message-----
From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] 
Sent: Friday, August 20, 2004 10:22 PM
To: Darran Rolls
Subject: [provision] Reference Use Case: AuthCache


Jeff Bohren suggested the following use case
when we were discussing support for complex relationships.

An implementation of SPML 1.0
currently models each simple connection type
as an attribute of a managed object (PSO).
User group memberships are represented as
values of a 'memberOf' attribute on each user object.

This allows one to 'search', for example,
for every user that is a member of the "AdminGroup"
or is a member of the "NetworkAdminGroup".
Code that builds an authorization cache does exactly this.

All of the connections for each matching user
will be returned as part of the user object.
Each connection identifies the connected object.
This makes it very easy to build an authorization cache.
- The user identifier becomes a key
  in the map that is used to implement the cache.
- The value corresponding to each key (user ID)
  is a list (or map) of group identifiers.
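
The cache construction described in the message above, as an added example that is not part of the original thread or of any SPML implementation. The record layout, `search`, `build_auth_cache` and `is_member` are hypothetical names, and the sample PSOs are constructed data in a simplified form, not SPML wire format.

```python
# Added illustration: the records below are constructed sample data, a simplified
# stand-in for PSOs returned by a provisioning search (not SPML wire format).
SAMPLE_PSOS = [
    {"id": "alice", "attributes": {"memberOf": ["AdminGroup", "Staff"]}},
    {"id": "bob", "attributes": {"memberOf": "NetworkAdminGroup"}},  # single value
    {"id": "carol", "attributes": {"memberOf": ["Staff"]}},
    {"id": "dave", "attributes": {}},  # no memberships at all
]


def member_of(pso):
    """Return the PSO's 'memberOf' values as a set, accepting one value or many."""
    value = pso.get("attributes", {}).get("memberOf", [])
    if isinstance(value, str):
        value = [value]
    return set(value)


def search(psos, groups):
    """Hypothetical stand-in for the search: users in ANY of the given groups."""
    wanted = set(groups)
    return [p for p in psos if member_of(p) & wanted]


def build_auth_cache(results):
    """Map user identifier -> frozenset of group identifiers (all connections)."""
    cache = {}
    for pso in results:
        # Merge in case the same user appears more than once in the results.
        cache[pso["id"]] = cache.get(pso["id"], frozenset()) | member_of(pso)
    return cache


def is_member(cache, user_id, group):
    """Fail closed: a user absent from the cache is treated as not a member."""
    return group in cache.get(user_id, frozenset())


if __name__ == "__main__":
    cache = build_auth_cache(search(SAMPLE_PSOS, ["AdminGroup", "NetworkAdminGroup"]))
    for user, groups in sorted(cache.items()):
        print(user, sorted(groups))
    print(is_member(cache, "carol", "Staff"))  # carol was not matched by the search
```

Because each matching user object carries all of its connections, the cache entry for a matched user also holds groups that were not in the search filter, while users the search did not match are simply absent and are denied.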
