Hi all, I'd like to discuss the possibility of supporting dynamic entitlements in Apache Syncope. The goals being to explore if the Apache Syncope community feels that this is a good idea, and if so to try to break the various work items down and start creating JIRAs etc.
Entitlements in Apache Syncope are currently statically defined and are used for internal authorization purposes only. The problem arises when you start considering things like integrating SCIM with Syncope, as the concepts of roles/entitlements in SCIM do not map naturally to groups in Syncope. So it would be great to be able to map roles/entitlements associated with users directly to the same concepts in Syncope. I don't know whether it might be desirable to have different types of entitlements, e.g. whether we want to maintain a separation between "internal" entitlements used for authorization in Syncope, and general entitlements meant for external consumption. The task would involve some UI work to be able to create entitlements. I'm not sure off-hand if we require REST changes, as we can get the entitlements of a User by getting the roles of the user, and then querying the entitlements associated with the role etc. Is it possible to associate roles with a group and then have members of that group inherit the entitlements? WDYT? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
