You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Nitin Gupta (Jira)" <ji...@apache.org> on 2022/12/21 03:40:00 UTC

[jira] [Closed] (OAK-9803) Extend DynamicSyncHandler to allow for dynamic groups

     [ https://issues.apache.org/jira/browse/OAK-9803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nitin Gupta closed OAK-9803.
----------------------------

> Extend DynamicSyncHandler to allow for dynamic groups
> -----------------------------------------------------
>
>                 Key: OAK-9803
>                 URL: https://issues.apache.org/jira/browse/OAK-9803
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: auth-external
>            Reporter: Angela Schreiber
>            Assignee: Angela Schreiber
>            Priority: Major
>             Fix For: 1.46.0
>
>
> since OAK-4391 _oak-auth-external_ comes with a dynamic membership option that limits the synchronization of external identities to users and their group membership (see https://jackrabbit.apache.org/oak/docs/security/authentication/external/dynamic.html for documentation).
> while the feature meets the need to compute a set of principals for permission evaluation upon repository login, it has proven to cause some confusion when it comes to user management and discovering user-group relationship, which can be obtained from the principal management API (but no longer reflected in the repository's user management. reasoning: external identities are managed elsewhere and the repository is no longer in charge).
> with the introduction of the {{DynamicMembershipService}} interface (see OAK-9462), we would be able to improve that by optionally synchronizing external groups as dynamic (similar to the _everyone_ group) if dynamic membership flag is turned on.
> cc: [~insuafer]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)