forked from tdraier/contextserver-graphql-api
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathimplementation-notes.txt
68 lines (67 loc) · 2.78 KB
/
implementation-notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#
# Recommended deployment architecture
# -----------------------------------
#
# Browser -> CXS (or custom) Web Source -> Public methods (getProfile, logEvents) Unomi will probably provide a built-in web source
# Browser -> Authentication Proxy Source -> Self-management APIs (updateProfile)
# Browser -> Backend Proxy Source -> Management APIs (all)
#
# Pre-defined security roles:
# ---------------------------
#
# Roles : administrator, authenticated, public
#
# Securing queries, mutations and subscriptions:
# ----------------------------------------------
# Source are recognized using tokens. Source have roles that have associated permissions on CXS
# GraphQL methods (queries, mutations and subscriptions), for each method we have an associated permission.
# Field-level permissions could be optionally controlled by some CXS implementations.
#
# There MUST be an authorization to communicate with the CXS server (no public interfaces).
#
# The CXS server must reject any methods that are not authorized for a source.
# CXS server implementations may also control access to profile properties based on the source.
#
# Suggested default permissions for roles:
#
# ROLE - PERMISSIONS
# visitor - getProfile, processEvents
# authenticated - updateProfile, exportAllYourData, forgetMe
# administrator - all
#
# Basic administrative login should be implementation specific, but source authentification JWT/OAuth 2
# could be useful. Two layers of JWT could be used to authenticate both end users and sources.
#
# Open question : should the administrative user have an associated source Id ? (maybe it shouldn't).
/*
* Example of Context Server (Karaf) user configuration
* Karaf/Unomi users.properties Authentication server 1
* username/password
* public/public1234
* authenticated/authenticated1234
* administrator/administrator1234
*
* Mapping of Context Server users to roles
* public -> public role
* authenticated -> has an authenticated role
*
* web source system configuration
* visitors group in web source -> public context server user
* any group/users in websource (usually a "logged in users" group ie authentication) -> mapped to authenticated user
*
* Example: web user with profile-id 789
*
* -> authenticates against web source as a REGULAR user on Authentication Server 2
* -> web source logins into Unomi using authenticated user
*
* backend source
* internal configuration
* administrator
* backend source will NOT accept authenticated requests
*
* Example: backend administrator with profile-id 789
* -> authenticates against backend source as a administrator user on Authentication Server 2
* -> backend source authenticates as the administrator user inside unomi
*
* The mapping configurations are contained in the configuration of each source (not in Apache Unomi but external)
*/