On 17 Sep 2012, at 12:59, Colm O hEigeartaigh wrote:

> Any comments on this?

Hi Colm,
sorry for the lack of reaction. Please find my comments in-line.

> Colm.
>
> ---------- Forwarded message ----------
> From: Colm O hEigeartaigh <[email protected]>
> Date: Mon, Sep 3, 2012 at 4:13 PM
> Subject: Re: Syncope Role propagation/synchronization
> To: [email protected]
>
> Thanks again for your reply. I'd like to summarize my understanding of this
> issue, by listing the following tasks that are required in relation to
> supporting role synchronization/propagation (amongst others):
>
> a) Role propagation. There is no way to create a group or role on an external
> resource. It should be possible to map a role in Syncope to an LDAP group for
> example. Covered by SYNCOPE-172.

Right!

> b) Role synchronization. We should be able to map LDAP groups to Roles in
> Syncope. We should also be able to reflect LDAP "member" attributes of Groups
> by updating the users in Syncope with the corresponding roles. Also covered
> by SYNCOPE-172.

Exactly.

> c) Add workflow support for Roles. Covered by SYNCOPE-173.

Exactly.

> d) Support dynamic role memberships. For example if a user in the LDAP
> backend has a "memberOf" attribute, the synchronized User in Syncope is
> assigned a Role(s) that has an attribute that matches the updated resource
> attribute (if one exists). Covered by SYNCOPE-140. Also see SYNCOPE-26.

Yes but indirectly. I mean, from my point of view the matching should be done on a Syncope/local attribute.
For example: all the users with attribute "employee_number" valued with a non-empty string have to be assigned to the role 'employee' because they are employees.
Now, if the value of the "employee_number" attribute comes from an external resource or has been given via the Syncope administration console, the result must be the same: the user is an employee.

Regards,
F.

> Am I leaving anything out, or are there any errors in the above?
>
> Thanks,
>
> Colm.
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
