Provide abstraction layer for identity server

RADAR-base / RADAR-RestApi

RESTful interface to access near real-time data

Apache License 2.0

2 stars 0 forks source link

Provide abstraction layer for identity server #24

Closed dennyverbeeck closed 7 years ago

dennyverbeeck commented 7 years ago

Idea from discussion with @fnobilia: Provide an abstraction layer for commonly used tasks on the identity server. From a security perspective this hides the actual identity product. From an implementation perspective, it decouples all clients from the specific identity server product. Tasks to provide:

Provision a new user
Set user roles
Set user affiliation with projects and studies
Get a valid token
Renew a token
Validate a token
Get user roles and project/study affiliations
Others?

dennyverbeeck commented 7 years ago

I have given this a bit more thought, i think we should move this to be it's own service. Reasons are: in terms of security, this api does probably not need to be public-facing, but can be on internal networks only. More adherence to micro-services architecture, separating responsibilities of services. I suggest moving this to a new repo RADAR-Identity-Api. Any thoughts?

fnobilia commented 7 years ago

Shall these two

Renew a token
Validate a token

make public?

dennyverbeeck commented 7 years ago

Good point, the token operations should be public. And actually the user operations as well, since we want an authenticated admin at the dashboard to be able to manage users and studies. Ok so it should not be on internal networks only. In that case it might not be worth factoring these operations out of rest-api :)

dennyverbeeck commented 7 years ago

Will close this because we have ManagementPortal now