[Login service] The List Roles operation needs to have a mapping of user to their respective roles however the management of roles is specified as out of scope for the login service

[apinder]

At the moment it's difficult to implement the listRoles operation as role management is currently out of scope for the login service.

See:

The responsibility for maintenance of the login roles is outside the scope of this specification as it is a deployment issue to define the possible roles and associate users to those roles.

This leaves the management of user roles to the deployment, because there's no definition of where specifically the user roles are maintained by the deployment there's no way for the login service to infer where a particular deployment is storing these roles in the COM archive.

[SamCooper]

Is this for the testbed?

[apinder]

This is implementing the listRoles operation on the provider. To clarify, if I want to produce a list of roles for a specific user I'd expect those roles to be stored in the COM archive some where for me to retrieve them. Obviously as the above requirement states - the location of those roles is deployment specific.

[SamCooper]

Ah, ok.

So the list of roles and how they are associated to users is deployment specific. For the testbed that just means you can hardcode them if you want or do it any way you want.

However you do you must detail this in the test description so that CNES can replicate the same set up

[SamCooper]

Closed