[Yanel-dev] Re: Access Control User Interface

Josias Thöny josias.thoeny at wyona.com
Wed Jan 31 18:35:47 CET 2007


On Wed, 2007-01-31 at 11:04 +0100, Michael Wechner wrote:
> Josias Thöny wrote:
> 
> >On Wed, 2007-01-31 at 09:33 +0100, Michael Wechner wrote:
> >
> >>Paloma Gomez wrote:
> >>
> >>
> >>>>I think that the Identity is some kind of abstraction of the following
> >>>>items:
> >>>>- user
> >>>>- machine
> >>>>- ip range
> >>>>- world
> >>>>So maybe we could keep Identity.java as a super-class or an interface.
> >>>>But I'm not sure which methods to put into Identity.java.
> >>>>
> >>>Currently, Identity.java just holds a username and an array containing
> >>>groups and provides getter methods for retrieving them.
> >>>
> >>>
> >>the identity is a container for
> >>
> >>user
> >>machine/ip-range
> >>world
> >>group
> >>
> >
> >IIUC the identity is either a user, or a machine, or world, etc. But
> >it's not everything at the same time, or is it?
> >
> 
> no. A user does also have an IP and can be part of a group or many groups

Yes, of course. But the question is how to model that in the code...
For the user management we proposed to add classes like User, Group
etc., and it's not clear to me how this would relate to the Identity.

Maybe we just keep the Identity as it is and implement the user
management somehow separately. I don't know...

josias

> 
> >So it would seem to me more natural to have Identity as a super-type of
> >all those "things", instead of a container.
> >
> >Or am I misunderstanding you?
> >
> 
> yes ;-) see above
> 
> >What about the following situation:
> >A page has a policy which allows access from a certain ip-number. Now a
> >user at the workstation with that ip-number tries to access that page.
> >The user will be authorized, without entering username/password. In this
> >case the identity is just the machine, and there is no username or group
> >available.
> >
> 
> the question is if we should introduce for IP Numbers also identities 
> within the identities repository?
> 
> Is that what you are implying?
> 
> Cheers
> 
> Michi
> 
> >
> >Josias
> >
> >
> >>resp. identifying a session so to speak. Instead of passing around all 
> >>the types mentioned above one
> >>just has to pass around the identity which I think makes a lot of sense ;-)
> >>
> >>
> >>>If we want it to
> >>>represent any kind of item, we should change the current implementation
> >>>since it just considers users.
> >>>
> >>>
> >>which implementation?
> >>
> >>Cheers
> >>
> >>Michi
> >>
> >>
> >
> >
> >_______________________________________________
> >Yanel-development mailing list
> >Yanel-development at wyona.com
> >http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
> >
> >
> 
> 
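
The "container" reading of the identity discussed in this thread, applied to the workstation scenario (a page policy that allows one IP number, and a visitor who never logs in), as an added sketch that is not part of the original message and is not Yanel's Identity.java. All class, field and method names are hypothetical, the addresses are constructed sample values, and remoteAddr is assumed to be taken from the connection itself rather than from a client-supplied header.

```java
import java.util.Optional;
import java.util.Set;

// Hypothetical names throughout; requires Java 16+ for records.
public class IdentitySketch {

    // Container model: one object per session, and any part of it may be absent.
    record SessionIdentity(Optional<String> username, Set<String> groups, Optional<String> remoteAddr) {
        // A session that has an address but has not authenticated as any user.
        static SessionIdentity anonymousFrom(String ip) {
            return new SessionIdentity(Optional.empty(), Set.of(), Optional.of(ip));
        }
    }

    // A policy lists the users, groups and addresses it allows; "world" allows everyone.
    record Policy(Set<String> users, Set<String> groups, Set<String> addresses, boolean world) {
        boolean permits(SessionIdentity id) {
            if (world) return true;
            if (id.username().filter(users::contains).isPresent()) return true;
            if (id.groups().stream().anyMatch(groups::contains)) return true;
            // Address match grants access with no username or group at all
            // (the workstation case from the thread).
            return id.remoteAddr().filter(addresses::contains).isPresent();
        }
    }

    public static void main(String[] args) {
        // Constructed sample policy and sessions (documentation address ranges).
        Policy page = new Policy(Set.of("alice"), Set.of("editors"), Set.of("192.0.2.10"), false);

        SessionIdentity workstation = SessionIdentity.anonymousFrom("192.0.2.10");
        SessionIdentity stranger = SessionIdentity.anonymousFrom("198.51.100.7");
        SessionIdentity alice =
            new SessionIdentity(Optional.of("alice"), Set.of(), Optional.of("198.51.100.7"));

        System.out.println("workstation, no login:     " + page.permits(workstation));
        System.out.println("unknown address, no login: " + page.permits(stranger));
        System.out.println("alice from elsewhere:      " + page.permits(alice));
    }
}
```

In this sketch the address is a property of the session rather than an entry in the identities repository, so the same object can carry a user, groups and an address at once or only some of them.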



