1 Reply Latest reply on Jun 5, 2008 5:04 AM by Boleslaw Dawidowicz

    Portal Identity Requirements

    Anil Saldanha Master

      Currently the requirements are rough. Need to polish. Bolek will provide the updates as and when he processes the requirements.

      
      (9:20:26 AM) boldaw: I will describe the design we discussed this week
      (9:20:56 AM) boldaw: basically we thought about the simplest model
      (9:21:10 AM) boldaw: so User - manyToMany - Group (with a type)
      (9:21:44 AM) boldaw: and Group - manyToMany - Relationship (where relationship has From, To and Type)
      (9:21:59 AM) boldaw: so the same entity (Group) can act as a JEE role or whatever
      (9:22:14 AM) boldaw: and relationship can be mapped to LDAP tree (Relationship of type hierarchical)
      


        • 1. Re: Portal Identity Requirements
          Boleslaw Dawidowicz Master

          The initial document with Portal requirements and design ideas is here:

          http://docs.google.com/View?docid=dfzsjmg9_9gjtzhtdd

          I started playing with interfaces for the API and SPI a bit (mainly ideas - nothing complete...). They are here:

          http://anonsvn.jboss.org/repos/portal/modules/identity/trunk/identity/src/main/java/org/jboss/portal/identity2/

          The main concern about the API interfaces I see is where to put methods that update state. Like I wrote in the doc it can be either directly in the entity interfaces or in the common service class:

          user.assignGroup(Group group);
          user.updateAttribute(String name, String[] values);


          This is quite convenient but requires to attach reference to some context object to be able to delegate those methods calls. Another option is:

          identityModule.assignGroup(User user, Group group);
          identityModule.updateAttribute(User user, String name, String[] values);


          Less convenient but User and Group implementations can remain (more or less) plain POJOs

          Another challenge I see in the design is about storing relationships between groups persisted in different stores. One solution is to just make one-to-one mapping between the GroupType and IdentityStore.