Difference between revisions of "SOA3 User Management Module"
Revision as of 12:52, 22 March 2012
Overview
The User Management Module is a SOA3 utility for managing user, group and role information. It supports CRUD operations, performed locally or remotely, on diverse data sources.
Key features
- Extensibility
- the module is composed of a core defining the most general operations, and several implementation modules that communicate with different data sources. Currently an LDAP-based and a Liferay-based implementation are available, but further implementations can be added
- Multiple interfaces
- the core and the implementations are available as Java libraries to be integrated with the software managing the data. Alternatively, a RESTful interface is available to deploy the module as a standalone web service
- High performance
- in particular when using an LDAP directory, which is the suggested solution
Design
Philosophy
The architecture was conceived as modular in order to maximize extensibility. In other words, once the set of operations needed to manage users, groups and roles efficiently had been established, the storage-specific implementations were kept separate. This allows each storage connector to be improved and maintained on its own, and connectors for further data sources to be added. SOAP and REST web interfaces offer more than one way to manage users remotely.
Architecture
- UserManagement core provides the core CRUD operations for managing user, group and role information. In particular it exposes operations to:
- create, read, update and delete users and user attributes
- create, read, update and delete groups and group attributes
- associate roles with a user
- associate users with a group
- LDAP Interface is the configurable module for using an LDAP directory as data source
- Liferay Interface is a library for accessing the Liferay 6.0.6 Portal [1] API to manage the Liferay user list regardless of the actual database used by Liferay
- Web Services Interface, SOAP and RESTful, exposes the User Management core operations as web services
Deployment
Since the User Management Module needs to be associated with a data source (LDAP or Liferay database), the only option is to deploy the module at infrastructure level. It should be contacted by the SOA3 authorization module in order to load attributes. The following picture shows the deployment:
Use Cases
The User Management module covers different use cases inside the gCube infrastructure.
Well suited Use Cases
It is possible to distinguish two use case categories:
- portal related use cases
- security related use cases
Portal related use cases concern the Portlets which need easy access to user-related information. The User Management Module's current production implementation, deployed in the D4Science[2] infrastructure, uses the Liferay database and is integrated in the portal: in this case the user management core is called directly by Portlets in order to access the required information. The final design totally decouples the module from other components: it is contacted only through a web service providing the same functionalities.
Security related use cases involve SOA3 internal functionalities. In particular, in some use cases, the SOA3 Authorization Module needs to access user data in order to obtain some attributes for taking authorization decisions.
Dynamic loading of attributes is also useful for accounting or SLA management purposes.
Less well suited Use Cases
Describe here scenarios where the subsystem partially satisfied the expectations.