Resource Rights Registry Analysis #211
TheTechArch added the status/draft and kind/analysis labels on Jul 6, 2023
ekorra removed the status/draft label on Nov 21, 2023
This was referenced Jan 25, 2024
Moved development tasks to epic
Description
The resource rights registry allows for service owners to define a limited set of reportees that can use a specific service.
We need to identify the requirements and analyze the design for the resource rights registry.
In scope
Identify requirements
Possible structure
{
  "party": "orgnr:9123432",
  "resource": "urn:altinn:resource:superapp",
  "actions": ["read", "write"],
  "subjectclaims": ["scope:superscope"],
  "validTo": "2024-01-01"
}
Party: Either SSN or org number identifying the reportee
Resource: The reference to the resource in the resource registry
Actions: Additionally limits the actions available for a given party
SubjectClaims: Additional required claims for the subject. Potentially it could be a scope or a specific role. Needs to be analyzed further for needs
ValidTo: An end date for when this right expires
RRR for scopes
{
  "party": "orgnr:9123432",
  "resource": "urn:digdir:scope:skd.supercope",
  "actions": ["read", "write"],
  "subjectclaims": ["scope:superscope"],
  "validTo": "2024-01-01"
}
Enabling the use of RRR
For performance reasons, enabling the use of RRR is done on the resource registration in the resource registry.
A flag on a resource triggers a search in RRR
RRR Validation
We need to create RRR validation that will be used before PDP processing and when checking rights for a given resource.
This needs to be able to
Managing RRR
Resource Registry will expose APIs to manage RRR resources. An org could manage RRR for a resource owned by that entity.
Should this be possible to manage from Altinn Studio? We could, in theory, support having the admin tools available.
Additional Information
No response
Analysis
No response
Conclusion
No response
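A sketch of the RRR validation step described under "RRR Validation" and "Enabling the use of RRR", added here as an example; it is not code from the issue or from the Altinn project. It evaluates entries in the issue's "possible structure" before a request would reach the PDP and denies by default once the resource is flagged. Assumptions not stated in the issue: the `rrr_enabled` parameter and the function name are hypothetical, every listed subject claim must be present, `validTo` is inclusive, a missing `validTo` means no expiry, and a malformed entry grants nothing.

```python
import json
from datetime import date

# Constructed sample entry in the issue's "possible structure".
SAMPLE_RRR = json.loads("""[
  {"party": "orgnr:9123432", "resource": "urn:altinn:resource:superapp",
   "actions": ["read", "write"], "subjectclaims": ["scope:superscope"],
   "validTo": "2024-01-01"}
]""")


def rrr_allows(resource, rrr_enabled, party, action, claims, entries, today):
    """Pre-PDP check; returns (allowed, reason).

    rrr_enabled stands for the flag on the resource registration
    (hypothetical name). When it is set, the party needs a matching,
    unexpired entry that lists the action and whose subjectclaims are
    all held by the subject; otherwise the request is denied.
    """
    if not rrr_enabled:
        return True, "rrr-not-enabled"  # RRR is not consulted at all
    reason = "no-entry-for-party"
    for e in entries:
        try:
            if e.get("resource") != resource or e.get("party") != party:
                continue
            valid_to = e.get("validTo")
            actions = e.get("actions")
            if valid_to is not None and date.fromisoformat(valid_to) < today:
                reason = "expired"
            elif not isinstance(actions, list) or action not in actions:
                reason = "action-not-listed"
            elif not set(e.get("subjectclaims", [])) <= set(claims):
                reason = "missing-subject-claim"
            else:
                return True, "rrr-match"
        except (AttributeError, TypeError, ValueError):
            # Fail closed: an entry that cannot be parsed grants nothing.
            reason = "malformed-entry"
    return False, reason
```

The returned reason string is meant for audit logging, so a denial caused by an expired or malformed entry can be told apart from a party that was never registered.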