Authorization in uPortal 1.x
In uPortal 1.x, authorization involved managing a flat set of roles and associating a user with 0 or more of them. A portal function was protected by requiring the user to have a particular role in order to perform it, analogous to checking isUserInRole().
Requirements for uPortal 2.x
The authorization requirements for uPortal 2.0 were:
- finer-grained permission controls
- a more flexible role or groups structure to more closely model a university
- a facility to distribute management of authorization (i.e., provisioning)
- the ability to use data from sources outside the portal (e.g., LDAP) to make decisions inside the portal
These requirements gave rise to separate services for Groups and Permissions. The Groups design was fairly complex since it was meant to allow for many different organizational models. The Permissions design was fairly simple, since it focused on protecting a few core portal functions.
Requirements for uPortal 2.5+ and uPortal 3
...