Posted to user@syncope.apache.org by Francis Bouchard-Boulianne <Fr...@USherbrooke.ca> on 2016/03/01 17:16:45 UTC

key concepts for 2.0

Hi,

Like I was saying a few weeks ago, we are planning on implementing 2.0 as a replacement of our home-grown IdP. We are waiting for 2.0, but can we have a two- or three-line explanation for the following key concepts and how you planned we should use them:
1 - Any objects
2 - Realms
3 - Domains
Users and groups are pretty straightforward unless you plan on using different semantics than in 1.X.

This will help us prepare the data mapping and do our first beta tests with M1, and map our existing password reset and create account UI to the Syncope services and process management.

Thanks
___________________________________________
Francis Bouchard B.
Analyse - Analyse et assurance qualité - division Systèmes d'information.
Service des technologies de l'information
Université de Sherbrooke

Tel.: 819 821-8000, ext. 63465
Email: Francis.Bouchard-Boulianne@usherbrooke.ca


Re: key concepts for 2.0

Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi Francis, 

you can find my replies embedded below. 

Regards. 

On 2016-03-01 17:16 Francis Bouchard-Boulianne wrote:

> Hi, 
> 
> Like I was saying a few weeks ago, we are planning on implementing 2.0 as a replacement of our home-grown IdP. We are waiting for 2.0, but can we have a two- or three-line explanation for the following key concepts and how you planned we should use them: 
> 
> 1 - Any objects

The purpose of this feature is to extend the provisioning engine to
support general-purpose definable entities, besides current users and
groups. 

With "traditional" IdM you can manage users and groups (or roles) on
external resources; in Syncope 2.0 you have the option to define
whatever type (printers, folders, devices, services, ...) and to manage
the provision of such type. 

For example, in CHOReVOLUTION [1], Apache Syncope is provisioning web
services. 

You can find the original discussion and some reference information
about this feature at [2]. 

> 2 - Realms

You can primarily see realms as a means to represent hierarchical data as
organization / organizational units in LDAP. 

Moreover, they are the key concept around the updated authorization
mechanism implementing delegated administration. 

You can find the original discussion and some reference information
about this feature at [3]. 

> 3 - Domains

The purpose is to provide the possibility of defining separated
"containers" for all entities currently managed by Syncope in order to
allow the execution in multitenant environments. 

You can find the original discussion and some reference information
about this feature at [4]. 

> Users and groups are pretty straightforward unless you plan on using different semantics than in 1.X.

You are right, things are very similar in this regard (except for
1.2 roles which map to 2.0 groups, roles and realms - see [3]). 

> This will help us prepare the data mapping and do our first beta tests with M1, and map our existing password reset and create account UI to the Syncope services and process management.

Sounds good! 

Please also consider that 2.0 is coming with a brand new Enduser UI: see
more at [5]. 

[1] http://www.chorevolution.eu/ 

[2] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Any+objects

[3] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Realms

[4] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains


[5] http://blog.tirasa.net/syncope-enduser-security-features.html 

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer
http://home.apache.org/~ilgrosso/