Re: [openstack-dev] [keystone] On dynamic policy, role hierarchies/groups/sets etc. - Role Assignment

2015-05-08 Thread David Chadwick
Hi Tim

I was implying that the addRole operation would not be used or needed in the federation case, because all user roles are initially created by IdPs and then by attribute mappings. I was not saying anything about the various admin roles that might exist because as I understand it, there is n

Re: [openstack-dev] [keystone] On dynamic policy, role hierarchies/groups/sets etc. - Role Assignment

2015-05-08 Thread Tim Hinrichs
Hi David,

See below.

On 5/7/15, 1:01 AM, "David Chadwick" wrote:
>Hi Tim
>
>On 06/05/2015 21:53, Tim Hinrichs wrote:
>> I wondered if we could properly protect the API call for adding a new
>> Role using the current mechanism. So I came up with a simple example.
>>
>> Suppose we want to write

Re: [openstack-dev] [keystone] On dynamic policy, role hierarchies/groups/sets etc. - Role Assignment

2015-05-07 Thread David Chadwick
Hi Tim

On 06/05/2015 21:53, Tim Hinrichs wrote:
> I wondered if we could properly protect the API call for adding a new
> Role using the current mechanism. So I came up with a simple example.
>
> Suppose we want to write policy about the API call: addRole(user,
> role-name). If we’re hosting bo