[Yanel-dev] Re: Access Control User Interface
Josias Thöny
josias.thoeny at wyona.com
Wed Jan 31 09:58:43 CET 2007
On Wed, 2007-01-31 at 09:33 +0100, Michael Wechner wrote:
> Paloma Gomez wrote:
>
> >
> >>I think that the Identity is some kind of abstraction of the following
> >>items:
> >>- user
> >>- machine
> >>- ip range
> >>- world
> >>So maybe we could keep Identity.java as a super-class or an interface.
> >>But I'm not sure which methods to put into Identity.java.
> >>
> >>
> >
> >Currently, Identity.java just holds a username and an array containing
> >groups and provides getter methods for retrieving them.
> >
>
> the identity is a container for
>
> user
> machine/ip-range
> world
> group
IIUC the identity is either a user, or a machine, or world, etc. But
it's not everything at the same time, or is it?
So it would seem to me more natural to have Identity as a super-type of
all those "things", instead of a container.
Or am I misunderstanding you?
What about the following situation:
A page has a policy which allows access from a certain ip-number. Now a
user at the workstation with that ip-number tries to access that page.
The user will be authorized, without entering username/password. In this
case the identity is just the machine, and there is no username or group
available.
Josias
>
> resp. identifiying a session so to speak. Instead of passing around all
> the types mentioned above one
> just has to pass around the identity which I think makes a lot of sense ;-)
>
> > If we want it to
> >represent any kind of item, we should change the current implementation
> >since it just considers users.
> >
>
> which implementation?
>
> Cheers
>
> Michi
>
>
More information about the Yanel-development
mailing list