Open labkode opened 3 years ago
Hm, they would be granted access to the storage spaces that were shared with them ... Something related to a more dynamic storage registry that is able to answer the question "What storage spaces does userx have access to". With https://github.com/cs3org/cs3apis/pull/95 we could create a storage space with quota 0 ... and type guest. When executing GetHome we can then omit the storage space ...
To identify guests, the login page (or the desktop/mobile app) would take the email only. A discovery can locate the responsible IdP and ocis instance using a ./well-known mechanism. If no IdP is known, the ocis instance can serve as a fallback to tell the client which IdP to use, e.g. the local one, because guests need to be identified by an IdP as well. ocis provides glauth to make guest accounts available via LDAP.
Hm I need to think on this to clarify ... sorry
@labkode @butonic could you update this ticket according to how things have evolved around the Spaces concepting in Reva (which I think is what originally would make this possible)?
As a manager of my site I want users to collaborate together independently of their affiliation.
Scenario:
Our IdP can federate accounts from different management systems (LDAP for internal CERN accounts), Social logins (FB, Google, ...) and federated auth (EduGain).
Currently we only allow CERNBox users to share with other CERNBox users using the normal sharing. Users are left with public links to share with external users. However, this is not practical when collaboration spans many users.
We need users to be able to log in with lightweight accounts (social login, EduGain) to OCIS, BUT they are not granted a personal home space and storage quota. The only way for these users to modify data is through the "Shared with me" and project spaces (that belong to another user and account for the quota of the owner).
This feature requires work in areas that are beyond OCIS web: