[jira] [Commented] (FC-144) Ability to assign groups to roles

Mon, 25 Jul 2016 10:12:02 -0700 

    [ 
https://issues.apache.org/jira/browse/FC-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15392308#comment-15392308
 ] 

Shawn McKinney commented on FC-144:
-----------------------------------

OK, for some reason I thought there might be a mapping there.  Of the other two 
options, group to role makes the most sense.  Not breaking or violating 
anything, but it is another relationship to manage.  Nothing difficult, just 
work.  Seems like I estimated this some time back to be 1 - 4 weeks of work to 
get all of the components updated, new test cases written, released, etc...  

The wildcard here is the openldap accelerator which isn't part of the apache 
directory project and would have to be handled separately.

> Ability to assign groups to roles
> ---------------------------------
>
>                 Key: FC-144
>                 URL: https://issues.apache.org/jira/browse/FC-144
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 1.0.0-RC40
>            Reporter: Florin Stingaciu
>
> We are currently working on performing an integration between Openstack 
> Keystone and Fortress Core. We will use Fortress as the authorization backend 
> for the rest of Openstack. We have managed to map most of the current 
> functionality in Openstack within the Fortress schema except for the ability 
> to assign roles to a group. 
> I've spoken with [~smckinney], and he determined this improvement is a 
> feasible addition to Fortress's feature set. After a number of back and 
> forths, we have come up with the following requirements as API additions:
> * Session createSession (Group group, boolean isTrusted);
> * void assignGroup ( Group group, Role role );
> * List<Group> roleGroups ( Role role );
> * List<Role> groupRoles ( Group group );
> * the ability to use the above session with checkAccess(Session session, 
> Permission perm)
> We also discussed temporal constrains for group to role assignment. Temporal 
> constrains will not be utilized as this functionality has not been defined in 
> Openstack.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to