You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by SyncopeDev <sy...@gmail.com> on 2014/06/02 23:27:40 UTC
An identity and several accounts
Hi,
In Syncope, it seems that an identity (namely HR identity), is linked to
one account (General model).
But, there is a use case that drive to consider that a HR identity can
own several accounts.
Is there a possibility for Syncope to support these needs :
- Manage a link between a HR identity and its personnal accounts
- Manage a link between a HR identity and team accounts
- Rendering those links/attachements in Syncope Console
Purpose : Determine who is the responsible of the accounts. That could
be interesting for orphan detections.
Start a specific workflow if the team account have lost his last owner...
This could be interesting also for auditing.
Maybe Syncope already have this functionnality.
Is it typically a feature that should be implemented in a Third Party
Application ?
Or could it be integrated in Syncope ?
Regards
Re: An identity and several accounts
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 03/06/2014 11:03, Bruno SyncopeDev wrote:
> Hi,
> Ok, you did summarize very well my mail. I didn't want to insult
> Syncope. Sorry.
Hi Bruno,
no problems at all!
I told you that our docs are quite sparse, and this is probably the
result: I encourage you to try things directly on your Syncope instance,
if you don't find anything in the docs.
> It is more a problem of wording.
> And I'll move to dev@ sorry.
Great.
Regards.
> 2014-06-03 8:55 GMT+02:00 Francesco Chicchiriccò <ilgrosso@apache.org
> <ma...@apache.org>>:
>
> Hi,
> what a miserable IdM would be Syncope without bearing the basic
> concepts of identity and accounts!
>
> Mapping the internal identities (not only users, but also roles)
> to accounts and groups residing on external resources is probably
> the core job that Syncope does. An high level explanation of this
> concept can be found at
>
> https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping
>
> towards the end of page.
>
> When any user or role is modified, the web admin console reports
> the result of such modification of either Syncope (e.g. the
> identity) and all resources assigned (e.g. the accounts).
> A brief outlook of all possibilities provided by Syncope about
> provisioning are reported at
>
> https://cwiki.apache.org/confluence/display/SYNCOPE/Provisioning
>
>
> Some interesting enhancements that can be summarized from your
> suggestions below:
>
> 1. the "orphan account detection" feature (affecting both core
> and console)
> 2. a better GUI for managing user and role relationships with
> external resources (console only)
>
>
> But again, why are we discussing this at user@? dev@ would be more
> appropriate.
>
> Regards.
>
>
> On 02/06/2014 23:27, SyncopeDev wrote:
>
> Hi,
>
> In Syncope, it seems that an identity (namely HR identity), is
> linked to one account (General model).
> But, there is a use case that drive to consider that a HR
> identity can own several accounts.
> Is there a possibility for Syncope to support these needs :
> - Manage a link between a HR identity and its personnal accounts
> - Manage a link between a HR identity and team accounts
> - Rendering those links/attachements in Syncope Console
> Purpose : Determine who is the responsible of the accounts.
> That could be interesting for orphan detections.
> Start a specific workflow if the team account have lost his
> last owner...
> This could be interesting also for auditing.
>
> Maybe Syncope already have this functionnality.
> Is it typically a feature that should be implemented in a
> Third Party Application ?
> Or could it be integrated in Syncope ?
>
> Regards
>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: An identity and several accounts
Posted by Bruno SyncopeDev <sy...@gmail.com>.
Hi,
Ok, you did summarize very well my mail. I didn't want to insult Syncope.
Sorry.
It is more a problem of wording.
And I'll move to dev@ sorry.
Regards
2014-06-03 8:55 GMT+02:00 Francesco Chicchiriccò <il...@apache.org>:
> Hi,
> what a miserable IdM would be Syncope without bearing the basic concepts
> of identity and accounts!
>
> Mapping the internal identities (not only users, but also roles) to
> accounts and groups residing on external resources is probably the core job
> that Syncope does. An high level explanation of this concept can be found at
>
> https://cwiki.apache.org/confluence/display/SYNCOPE/
> Schema%2C+attributes+and+mapping
>
> towards the end of page.
>
> When any user or role is modified, the web admin console reports the
> result of such modification of either Syncope (e.g. the identity) and all
> resources assigned (e.g. the accounts).
> A brief outlook of all possibilities provided by Syncope about
> provisioning are reported at
>
> https://cwiki.apache.org/confluence/display/SYNCOPE/Provisioning
>
>
> Some interesting enhancements that can be summarized from your suggestions
> below:
>
> 1. the "orphan account detection" feature (affecting both core and
> console)
> 2. a better GUI for managing user and role relationships with external
> resources (console only)
>
>
> But again, why are we discussing this at user@? dev@ would be more
> appropriate.
>
> Regards.
>
>
> On 02/06/2014 23:27, SyncopeDev wrote:
>
>> Hi,
>>
>> In Syncope, it seems that an identity (namely HR identity), is linked to
>> one account (General model).
>> But, there is a use case that drive to consider that a HR identity can
>> own several accounts.
>> Is there a possibility for Syncope to support these needs :
>> - Manage a link between a HR identity and its personnal accounts
>> - Manage a link between a HR identity and team accounts
>> - Rendering those links/attachements in Syncope Console
>> Purpose : Determine who is the responsible of the accounts. That could be
>> interesting for orphan detections.
>> Start a specific workflow if the team account have lost his last owner...
>> This could be interesting also for auditing.
>>
>> Maybe Syncope already have this functionnality.
>> Is it typically a feature that should be implemented in a Third Party
>> Application ?
>> Or could it be integrated in Syncope ?
>>
>> Regards
>>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
>
>
Re: An identity and several accounts
Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi,
what a miserable IdM would be Syncope without bearing the basic concepts
of identity and accounts!
Mapping the internal identities (not only users, but also roles) to
accounts and groups residing on external resources is probably the core
job that Syncope does. An high level explanation of this concept can be
found at
https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping
towards the end of page.
When any user or role is modified, the web admin console reports the
result of such modification of either Syncope (e.g. the identity) and
all resources assigned (e.g. the accounts).
A brief outlook of all possibilities provided by Syncope about
provisioning are reported at
https://cwiki.apache.org/confluence/display/SYNCOPE/Provisioning
Some interesting enhancements that can be summarized from your
suggestions below:
1. the "orphan account detection" feature (affecting both core and
console)
2. a better GUI for managing user and role relationships with external
resources (console only)
But again, why are we discussing this at user@? dev@ would be more
appropriate.
Regards.
On 02/06/2014 23:27, SyncopeDev wrote:
> Hi,
>
> In Syncope, it seems that an identity (namely HR identity), is linked
> to one account (General model).
> But, there is a use case that drive to consider that a HR identity can
> own several accounts.
> Is there a possibility for Syncope to support these needs :
> - Manage a link between a HR identity and its personnal accounts
> - Manage a link between a HR identity and team accounts
> - Rendering those links/attachements in Syncope Console
> Purpose : Determine who is the responsible of the accounts. That could
> be interesting for orphan detections.
> Start a specific workflow if the team account have lost his last owner...
> This could be interesting also for auditing.
>
> Maybe Syncope already have this functionnality.
> Is it typically a feature that should be implemented in a Third Party
> Application ?
> Or could it be integrated in Syncope ?
>
> Regards
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/