Authorization in uPortal 1.x

In uPortal 1.x, authorization involved managing a flat set of roles and associating a user with 0 or more of them. A portal function was protected by requiring the user to have a particular role in order to perform it, analogous to checking isUserInRole().

Requirements for uPortal 2.x

The authorization requirements for uPortal 2.0 were:

  • finer-grained permission controls
  • a more flexible role or groups structure to more closely model a university
  • a facility to distribute management of authorization (i.e., provisioning)
  • the ability to use data from sources outside the portal (e.g., LDAP) to make decisions inside the portal

These requirements gave rise to separate services for Groups and Permissions. The Groups design was fairly complex since it was meant to accommodate a range of environments. The Permissions design was fairly simple, since it was focused on protecting a few core portal functions.

Requirements for uPortal 2.5+ and uPortal 3

...