
regrep message


Subject: [RS Issue] Internal Vs. External Users

Matt sent the following comment on section 11.7 that describes Internal Vs. 
External Users.

"This section exists, IMO, due to poor design.  Why is there even a 
concept of internal and external users and organizations?  The registry 
should define an abstract PrincipalProvider service, and treat external 
and internal users equally as something that may or may not be managed 
by the registry."

The registry historically since version 1 has served in the roles of an 
Identity Provider (manages users) and an Authentication Authority 
(validates user credentials). Thus a registry prior to version 3 allowed 
users to be stored internal to the registry.

With version 3 we allow the Identity Provider and Authentication 
Authority functions to be provided by an external SAML Authority such as 
an Access Manager service.
Depending upon deployment situations a registry MAY manage users itself 
or leverage an external service to do so.

This section is defining the behavior of how to handle cases where a 
user is being managed by an external service rather than the registry.

If you have a specific proposal on how to address this issue please 
share and we can review the details. Thanks.

