Hi All,

As I could deduce from the discussion so far, we are looking for 2 main
purposes to be achieved with security circles.

   1. Bulk configuration of service providers
   2. Limiting the session sharing between service providers

*Bulk configuration of service providers*
This will be beneficial in cases where:

   - Many service providers are present in the environment and all have
     similar configurations to be applied
   - Service provider configurations are being updated and need the same
     modification

Value addition will be less in the cases below:

   - Service provider configuration is not a frequent operation
   - Most use cases have ~10 service providers
   - Service providers do not share similar configurations

If we are moving forward with file based configuration of service
providers, bulk configuration/update means file modification applied to
several files.


We can loosen the requirement for service providers to have the same
configuration, by letting service providers override it as IsharaK
mentioned. Another option is to treat claim config, provisioning config,
authentication flow as different small circles. Depending on the
configuration patterns, we may create new bigger circles using these small
circles. With this granularity, reusability of one set of configuration
will be high, but only beneficial if there is a big number of service
providers. In this sense IDP can also be treated within a circle.

*Limiting the session sharing between service providers*
Assume a service provider is not allowed to be present in two security
circles, as that would violate the session sharing limitation for the rest of
the service providers in the related circles.
Let's take 3 service providers A, B and C.

   - B needs to share the session with A
   - C needs to share the session with A

But B and C should not share the session (not transitive). As I
understood so far, this is not possible with security circles.



Thanks,
Pushpalanka

On Mon, Nov 7, 2016 at 10:59 AM, Dimuthu Leelarathne <dimut...@wso2.com>
wrote:

>
>
> On Sun, Oct 16, 2016 at 11:37 AM, Ishara Karunarathna <isha...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> With the current IS implementation we have individual SP configurations
>> and we associate authentication chains, claim, provisioning configurations
>> etc. to that service provider configuration.
>> As an improvement to this we can group these configurations, let's say a
>> security circle.
>>
>> For a security circle [SC].
>> We can configure set of service providers within a SC.
>> Associate Userstores to that SC
>> Define Authentication chain, Provision config etc..
>> Configure Administration policies Ex: only users in wso2admin can manage
>> the wso2 security circle.
>>
>
> According to the new security model, I hope we can associate admins for SCs to
> achieve the exact Enterprise use case defined in "[C5 IS] Multi-tenancy in
> C5 based IS".
>
> thanks,
> Dimuthu
>
>
>> Group authorization policies belong to this circle.
>> Once we configure those it will be applicable to all service providers
>> and can override with SP level configurations.
>> We can have different login sessions to each circle.
>>
>> How can we use this?
>> Achieve Enterprise SaaS application use case discussed in [1]
>> No need to configure the same configurations at each SP level; they can
>> inherit from SC configurations.
>> Since we are going with container-based multi-tenancy in C5, if a user
>> does not like that, it can be handled with this security circle.
>>
>> Thanks,
>> Ishara
>> [1] "[C5 IS] Multi-tenancy in C5 based IS"
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>> +94717996791
>>
>>
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Dimuthu Leelarathne
> Director, Solutions Architecture
>
> WSO2, Inc. (http://wso2.com)
> email: dimut...@wso2.com
> Mobile: +94773661935
> Blog: http://muthulee.blogspot.com
>
> Lean . Enterprise . Middleware
>
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
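
The non-transitive A/B/C case from the message above, as an added example that is not part of the original thread or of WSO2 IS code: it checks whether a pairwise session-sharing policy can be expressed with disjoint circles and reports the pairs that would share a session without the policy asking for it. It assumes each service provider belongs to exactly one circle and that all members of a circle share one login session; `circles_for` and its arguments are hypothetical names.

```python
from itertools import combinations


def circles_for(sps, must_share):
    """Fit a pairwise session-sharing policy into disjoint circles.

    Assumption (from the thread): one circle per SP, one session per circle.
    Returns (circles, leaks). circles is the partition forced by must_share;
    leaks lists pairs that land in the same circle, and so share a session,
    although the policy never required it. Empty leaks means the policy fits.
    """
    wanted = {frozenset(pair) for pair in must_share}
    parent = {sp: sp for sp in sps}

    def find(x):
        # Union-find root lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    # Every required pair has to end up in the same circle.
    for a, b in must_share:
        parent[find(a)] = find(b)

    groups = {}
    for sp in sps:
        groups.setdefault(find(sp), set()).add(sp)
    circles = sorted(sorted(g) for g in groups.values())

    # Inside one circle every pair shares the session, wanted or not.
    leaks = [(a, b) for c in circles for a, b in combinations(c, 2)
             if frozenset((a, b)) not in wanted]
    return circles, leaks


if __name__ == "__main__":
    # Constructed policy from the mail: A-B and A-C share, B-C must not.
    circles, leaks = circles_for(["A", "B", "C"], [("A", "B"), ("A", "C")])
    print("circles:", circles)
    print("unintended session sharing:", leaks)
```

A policy fits disjoint circles only when its sharing relation is transitive, so any non-empty `leaks` result marks a requirement that needs a per-pair rule instead of a circle.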