Posted to user@syncope.apache.org by Antonio Ciancio <an...@gmail.com> on 2015/11/04 15:10:37 UTC

PACS (Physical Access Control System) with Syncope

Hi all,

I'm Antonio. I have been working on Syncope for two weeks.

The context in which I work is the PACS (Physical Access Control System):

Users have one or more badges available, and each badge has an identification
number; the badges allow access to a restricted area using card readers. My
system sends a REST request to Syncope with the following parameters: *card_ID,
card_reader_ID, operation*; “operation” indicates the kind of action that
users need to do (in, out, …).

How can I map these three parameters in Syncope? In particular, how can I
combine the card_ID parameter with the users? My idea is to combine the
token field of the “SyncopeUser” table with the card_ID parameter; can I
customise it? If I can’t do it, which entity of Syncope can I use to map
the “Card” parameter?

As regards the Syncope response given after the REST request on the basis of
the users' needs, which entity can we use to determine this operation (Role,
Policy…)?

Re: PACS (Physical Access Control System) with Syncope

Posted by Antonio Ciancio <an...@gmail.com>.
I would assign a role (card_reader) to a group of users, for example if I
would allow access to a restricted area to the group "developers". Should I
define a group as a new role, or as a role/membership attribute?

Regards

2015-11-06 10:04 GMT+01:00 Antonio Ciancio <an...@gmail.com>:

> Thank you Marco!
>
> I think that now I'm able to implement a test case according to my purpose!
>
> Regards

Re: PACS (Physical Access Control System) with Syncope

Posted by Antonio Ciancio <an...@gmail.com>.
Thank you Marco!

I think that now I'm able to implement a test case according to my purpose!

Regards

2015-11-05 17:29 GMT+01:00 Marco Di Sabatino Di Diodoro <
marco.disabatino@tirasa.net>:

>
>
> On 05/11/2015 17:11, Antonio Ciancio wrote:
>
> Marco thank you so much!!!
>
> I found your answer very useful for my purpose!
>
> In my test case I have to consider another membership attribute, the time
> period in which users can access a restricted area.
>
> Usually I use an object like this:
>
> BEGIN:VCALENDAR
> PRODID:
> VERSION:2.0
> BEGIN:VEVENT
> SUMMARY:Office Hours
> DTSTART:19700101T090000
> DTEND:19700101T170000
> RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
> DTSTAMP:20121129T154801
> UID:6b350fc3c646e59e
> END:VEVENT
> END:VCALENDAR
>
> Would it be possible, in Syncope, to set up this information as a membership
> attribute?
>
> Yes, it is. You can model your solution as you want.
>
> Regards
> Marco

Re: PACS (Physical Access Control System) with Syncope

Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.

On 05/11/2015 17:11, Antonio Ciancio wrote:
> Marco thank you so much!!!
>
> I found your answer very useful for my purpose!
>
> In my test case I have to consider another membership attribute, the
> time period in which users can access a restricted area.
>
> Usually I use an object like this:
>
> BEGIN:VCALENDAR
> PRODID:
> VERSION:2.0
> BEGIN:VEVENT
> SUMMARY:Office Hours
> DTSTART:19700101T090000
> DTEND:19700101T170000
> RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
> DTSTAMP:20121129T154801
> UID:6b350fc3c646e59e
> END:VEVENT
> END:VCALENDAR
>
> Would it be possible, in Syncope, to set up this information as a
> membership attribute?
Yes, it is. You can model your solution as you want.

Regards
Marco

-- 
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/


Re: PACS (Physical Access Control System) with Syncope

Posted by Antonio Ciancio <an...@gmail.com>.
Marco thank you so much!!!

I found your answer very useful for my purpose!

In my test case I have to consider another membership attribute, the time
period in which users can access a restricted area.

Usually I use an object like this:

BEGIN:VCALENDAR
PRODID:
VERSION:2.0
BEGIN:VEVENT
SUMMARY:Office Hours
DTSTART:19700101T090000
DTEND:19700101T170000
RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
DTSTAMP:20121129T154801
UID:6b350fc3c646e59e
END:VEVENT
END:VCALENDAR

Would it be possible, in Syncope, to set up this information as a membership
attribute?

Regards,
Antonio.

2015-11-05 15:41 GMT+01:00 Marco Di Sabatino Di Diodoro <
marco.disabatino@tirasa.net>:

> Hi Antonio,
>
> On 04/11/2015 15:10, Antonio Ciancio wrote:
>
> Hi all,
>
> I'm Antonio. I have been working on Syncope for two weeks.
>
> The context in which I work is the PACS (Physical Access Control System):
>
> Users have one or more badges available, and each badge has an identification
> number; the badges allow access to a restricted area using card readers. My
> system sends a REST request to Syncope with the following parameters: *card_ID,
> card_reader_ID, operation*; “operation” indicates the kind of action that
> users need to do (in, out, …).
>
> How can I map these three parameters in Syncope? In particular, how can I
> combine the card_ID parameter with the users? My idea is to combine the
> token field of the “SyncopeUser” table with the card_ID parameter; can I
> customise it? If I can’t do it, which entity of Syncope can I use to map
> the “Card” parameter?
>
> The token field is a specific field with internal functions and it's better
> not to override it.
> The best way to map your requirements with Syncope is to use schemas, roles
> and memberships [1]. I suggest you use "Syncope Roles" as the CARD_READER
> entity with a role attribute where you can map the card_reader_ID. In
> addition, you have to create two membership attributes for the card_ID and
> operation fields.
>
> Now, you can assign to a user one or more roles (card reader) where every
> user-role relationship contains the card_ID and operation permissions of
> a user (membership attributes). If you want, you can configure your
> attributes as multi-value (for example operation: "in, out").
>
> As regards the Syncope response given after the REST request on the basis
> of the users' needs, which entity can we use to determine this operation (Role,
> Policy…)?
>
> For the authentication and authorization, you have to implement a new REST
> endpoint where you check if a user has been assigned a role with the passed
> card_reader_ID and the card_ID and operation match the membership values.
>
> Regards
> Marco
>
> [1]
> https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
>
>

Re: PACS (Physical Access Control System) with Syncope

Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Hi Antonio,

On 04/11/2015 15:10, Antonio Ciancio wrote:
>
> Hi all,
>
> I'm Antonio. I have been working on Syncope for two weeks.
>
> The context in which I work is the PACS (Physical Access Control System):
>
> Users have one or more badges available, and each badge has an
> identification number; the badges allow access to a restricted area using
> card readers. My system sends a REST request to Syncope with the
> following parameters: *card_ID, card_reader_ID, operation*;
> “operation” indicates the kind of action that users need to do (in,
> out, …).
>
> How can I map these three parameters in Syncope? In particular, how
> can I combine the card_ID parameter with the users? My idea is to
> combine the token field of the “SyncopeUser” table with the card_ID
> parameter; can I customise it? If I can’t do it, which entity of
> Syncope can I use to map the “Card” parameter?
>
The token field is a specific field with internal functions and it's better
not to override it.
The best way to map your requirements with Syncope is to use schemas, roles
and memberships [1]. I suggest you use "Syncope Roles" as the
CARD_READER entity with a role attribute where you can map the
card_reader_ID. In addition, you have to create two membership
attributes for the card_ID and operation fields.

Now, you can assign to a user one or more roles (card reader) where
every user-role relationship contains the card_ID and operation
permissions of a user (membership attributes). If you want, you can
configure your attributes as multi-value (for example operation: "in, out").
>
> As regards the Syncope response given after the REST request on the
> basis of the users' needs, which entity can we use to determine this
> operation (Role, Policy…)?
>
For the authentication and authorization, you have to implement a new
REST endpoint where you check if a user has been assigned a role with the
passed card_reader_ID and the card_ID and operation match the
membership values.

Regards
Marco

[1] 
https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping

-- 
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
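
Added example (not part of the thread and not Syncope code): a default-deny version of the check Marco describes for the new REST endpoint, extended with the weekly time window Antonio asks about in his follow-up. The Membership class, the sample users, the reader and card identifiers and the function names are all assumptions made for illustration; a real endpoint would load the role and membership attributes from Syncope instead.

```python
from dataclasses import dataclass
from datetime import datetime

DAYS = ["MO", "TU", "WE", "TH", "FR", "SA", "SU"]  # index == datetime.weekday()

# Constructed sample window, same shape as the VEVENT quoted in the thread.
OFFICE_HOURS = """BEGIN:VEVENT
DTSTART:19700101T090000
DTEND:19700101T170000
RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
END:VEVENT"""

@dataclass(frozen=True)
class Membership:               # hypothetical in-memory model, not a Syncope class
    user: str
    card_reader_id: str         # role attribute on the CARD_READER role
    card_id: str                # membership attribute
    operations: frozenset       # multi-value membership attribute
    window: str = ""            # optional VEVENT membership attribute

def in_window(vevent, when):
    """True if `when` (local time) is inside a FREQ=WEEKLY;BYDAY window.
    Anything this small parser does not understand is denied."""
    props = dict(l.split(":", 1) for l in vevent.splitlines() if ":" in l)
    try:
        start = datetime.strptime(props["DTSTART"], "%Y%m%dT%H%M%S").time()
        end = datetime.strptime(props["DTEND"], "%Y%m%dT%H%M%S").time()
        rule = dict(p.split("=", 1) for p in props["RRULE"].split(";"))
    except (KeyError, ValueError):
        return False
    if rule.get("FREQ") != "WEEKLY" or set(rule) - {"FREQ", "BYDAY"}:
        return False
    days = rule.get("BYDAY", "").split(",")
    return DAYS[when.weekday()] in days and start <= when.time() < end

def authorize(memberships, card_id, card_reader_id, operation, when):
    """Default deny: return the user only if one membership matches the reader,
    the card and the operation, and its window (if any) covers `when`."""
    for m in memberships:
        if (m.card_reader_id == card_reader_id and m.card_id == card_id
                and operation in m.operations
                and (not m.window or in_window(m.window, when))):
            return m.user
    return None

# Constructed sample data standing in for what the endpoint would load.
MEMBERSHIPS = [
    Membership("alice", "reader-lab", "card-1001", frozenset({"in", "out"}), OFFICE_HOURS),
    Membership("bob", "reader-lab", "card-2002", frozenset({"out"})),
]

if __name__ == "__main__":
    wed = datetime(2015, 11, 4, 10, 0)   # a Wednesday morning
    print(authorize(MEMBERSHIPS, "card-1001", "reader-lab", "in", wed))
```

The window check treats DTSTART and DTEND as local time of day and rejects any recurrence rule other than FREQ=WEEKLY with BYDAY, so an unparsed or richer rule results in a denied request rather than an open door.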