You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2016/08/03 13:16:45 UTC
[3/3] syncope git commit: [SYNCOPE-700] Users, groups and any objects
[SYNCOPE-700] Users, groups and any objects
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/be7dd3da
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/be7dd3da
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/be7dd3da
Branch: refs/heads/master
Commit: be7dd3da804da14b3e85d9cbdd31956e1a1b27c8
Parents: de3ab17
Author: Francesco Chicchiricc� <il...@apache.org>
Authored: Tue Aug 2 12:15:45 2016 +0200
Committer: Francesco Chicchiricc� <il...@apache.org>
Committed: Wed Aug 3 15:16:33 2016 +0200
----------------------------------------------------------------------
.../reference-guide/concepts/concepts.adoc | 12 +----
.../concepts/datamodel/datamodel.adoc | 43 +++++++++++++++
.../datamodel/usersgroupsandanyobjects.adoc | 56 ++++++++++++++++++++
.../concepts/provisioning/provisioning.adoc | 2 +-
.../concepts/provisioning/pull.adoc | 5 +-
.../concepts/provisioning/push.adoc | 2 +-
.../reference-guide/usecases/usecases.adoc | 8 ++-
.../workingwithapachesyncope.adoc | 19 +++++--
8 files changed, 128 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/concepts/concepts.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/concepts.adoc b/src/main/asciidoc/reference-guide/concepts/concepts.adoc
index 5fa9d51..6c24f8c 100644
--- a/src/main/asciidoc/reference-guide/concepts/concepts.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/concepts.adoc
@@ -18,17 +18,7 @@
//
== Concepts
-=== Data model
-
-==== Users, Groups and Any objects
-
-==== Schema, Classes and Types
-
-===== Mapping
-
-==== Realms
-
-==== Domains
+include::datamodel/datamodel.adoc[]
include::provisioning/provisioning.adoc[]
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/concepts/datamodel/datamodel.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/datamodel/datamodel.adoc b/src/main/asciidoc/reference-guide/concepts/datamodel/datamodel.adoc
new file mode 100644
index 0000000..4d67f5a
--- /dev/null
+++ b/src/main/asciidoc/reference-guide/concepts/datamodel/datamodel.adoc
@@ -0,0 +1,43 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+=== Data Model
+
+include::usersgroupsandanyobjects.adoc[]
+
+==== Type Management
+
+===== Schema
+
+===== AnyTypeClass
+
+===== AnyType
+
+===== RelationshipType
+
+===== Type Extensions
+
+==== External Resources
+
+===== Mapping
+
+==== Realms
+
+==== Roles
+
+==== Domains
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/concepts/datamodel/usersgroupsandanyobjects.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/datamodel/usersgroupsandanyobjects.adoc b/src/main/asciidoc/reference-guide/concepts/datamodel/usersgroupsandanyobjects.adoc
new file mode 100644
index 0000000..0e8930e
--- /dev/null
+++ b/src/main/asciidoc/reference-guide/concepts/datamodel/usersgroupsandanyobjects.adoc
@@ -0,0 +1,56 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+==== Users, Groups and Any Objects
+
+Users, groups and any objects are definitely the key entities to manage: as explained <<introduction,above>>
+in fact, the whole identity management concept is literally about managing identity data.
+
+Starting with Apache Syncope 2.0, the following identities are supported:
+
+* *Users* represent the virtual identity build up of account information fragmented throughout the associated external
+resources
+* *Groups* have the double purpose of representing entities on external resources supporting this concept (say LDAP or
+Active Directory) and putting together users or any objects for implementing group-based provisioning, e.g. to
+dynamically associate users or any objects to external resources
+* *Any Objects* actually cover very different entities that can be modeled: printers, services, sensors, ...
+
+For each of the identities above, Apache Syncope is capable of maintaining:
+
+. name - string value uniquely identifying a specific user, group or any object instance;
+. password (users only) - hashed or encrypted value, depending on the selected `password.cipher.algorithm` - see
+<<configuration-parameters, below>> for details, which can be used for authentication;
+. set of attributes, with each attribute being a `(key,values)` pair where
+
+ ** `key` is a string label (i.e. `surname`)
+ ** `values` is a (possibly singleton) collection of data (i.e. `[Doe]` but also
+`[\john.doe@syncope.apache.org, \jdoe@gmail.com]`)
+ ; the type of values that can be assigned to each attribute is defined via the <<schema,schema>> matching the `key`
+value: being schema defined as _plain_, _derived_ and _virtual_, so can be attributes;
+. associations with <<external-resources,external resources>>, for <<provisioning,provisioning>>.
+
+Moreover, users and any objects can be part of groups, or associated to other any objects.
+
+[TIP]
+.Memberships and Relationships
+====
+When an user or an any object is assigned to a group, a *_membership_* is defined; the members of a group benefit
+of <<type-extensions,type extensions>>.
+
+When an user or an any object is associated to another any object, a *_relationship_* is defined.
+====
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc
index eb42f97..70e264b 100644
--- a/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc
@@ -18,7 +18,7 @@
//
=== Provisioning
-As introduced <<provisioning-engines,above>>, provisioning is actually the core feature provided by Apache Syncope.
+As introduced <<provisioning-engines,above>>, provisioning is actually _the_ core feature provided by Apache Syncope.
Essentially, it can be seen as the process of keeping the identity data, on Syncope and related external resources,
synchronized according to the specifications provided by the <<mapping,mapping>> by performing create, update and
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc
index fe3491a..993c3e4 100644
--- a/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc
@@ -22,7 +22,7 @@
Pull is the mechanism used to acquire identity data from identity repositories; for each external resource, one or more
<<tasks-pull,pull tasks>> can be defined, run and scheduled for period execution.
-Pull task execution involves querying the external resource and then process each entity in an isolated transaction;
+Pull task execution involves querying the external resource and then processing each entity in an isolated transaction;
a retrieved entity can be:
. _matching_ if a corresponding internal entity was found, according to the <<policies-pull,pull policy>> set for the
@@ -60,7 +60,8 @@ FULL RECONCILIATION:: The complete list of entities available is processed.
FILTERED RECONCILIATION:: The subset matching the provided filter of all available entities is processed.
INCREMENTAL:: Only the actual modifications performed since last pull task execution are considered. This mode requires
the underlying connector bundle to implement the ConnId `SYNC` operation - only some of the available bundles match
-this condition.
+this condition. +
+*This is the only mode allowing to pull delete events*, which may end up in causing internal entities removal.
****
====
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc
index 4e043b9..1cf227b 100644
--- a/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc
@@ -23,7 +23,7 @@ With push, the matching set of internal entities can be sent to identity reposit
(re)initialization purposes; for each external resource, one or more <<tasks-push,push tasks>> can be defined, run and
scheduled for period execution.
-Push task execution involves querying the internal storage and then process each entity in an isolated transaction;
+Push task execution involves querying the internal storage and then processing each entity in an isolated transaction;
an internal entity can be:
. _matching_ if a corresponding remote entity was found, according to the <<policies-push,push policy>> set for the
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/usecases/usecases.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/usecases/usecases.adoc b/src/main/asciidoc/reference-guide/usecases/usecases.adoc
index aa10511..8a87e5d 100644
--- a/src/main/asciidoc/reference-guide/usecases/usecases.adoc
+++ b/src/main/asciidoc/reference-guide/usecases/usecases.adoc
@@ -16,4 +16,10 @@
// specific language governing permissions and limitations
// under the License.
//
-== Use cases
\ No newline at end of file
+== Use cases
+
+=== LDAP
+
+=== GoogleApps
+
+=== Active Directory
http://git-wip-us.apache.org/repos/asf/syncope/blob/be7dd3da/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
index cfcdde5..561c3b4 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
@@ -45,10 +45,23 @@ include::restfulservices/restful-services.adoc[]
[[customization-enduser]]
==== Enduser
-==== New extensions
+[[customization-extensions]]
+==== Extensions
=== Deploying in production
-==== Options
+==== DBMS
-==== High-Availability
\ No newline at end of file
+==== JavaEE Container
+
+==== High-Availability
+
+=== Runtime Management
+
+==== Configuration Parameters
+
+==== Domains Management
+
+==== HowTOs
+
+===== Changing admin password