User and group management in the EPIC API v2 and in the Handle System #39

@pieterb

TK wrote:

The PID-Service has its own user database (secrets/users.rb) which is used to authenticate the users accessing the web service (currently by username+password). Every user has its own "user entry" in this database. Currently no group support is provided out of the box. An idea for authorizing groups could be using institute codes if every PID-Service user has an institute code and this institute code is registered in the user database.

In the Handle System another user database is used. Every user has its own Handle Administrator entry (HS_ADMIN) in the prefix handle. The users are authenticated by keys or username/passwords. Users can be "grouped" together using the HS_LIST handle type: all users (Handle Admins) of a "group" can be added to a "list of users". This list can be registered as a "normal" administrator for a handle, which provides the same rights on the handle for all Admins of the group.

The mapping between the PID-Service users and the Handle System users is defined in the PID-Service user database.

The aim of this ticket is to

  • understand which group management possibilities are provided by the PID-Service and by the Handle System
  • suggest the best alternative for our use cases
  • design an AAI concept for a proper user and group management on both the Handle System and the PID-Service level

This ticket will probably be divided into some sub-tickets.
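
The group mechanism described in the post, as an added example that is not part of the original issue or the project's code: a simplified in-memory model of a PID-Service user mapped to a Handle admin, and of a handle whose HS_ADMIN entry points at a list so that every list member gets the same rights. The data layout, the `index:handle` reference notation, the prefix `12345` and all function names are assumptions made for illustration; this is not the Handle System API or the real format of `secrets/users.rb`.

```ruby
# Constructed sample data. Mapping: PID-Service user -> Handle admin reference.
USERS = {
  "alice" => { handle_admin: "300:0.NA/12345" },
  "bob"   => { handle_admin: "301:0.NA/12345" },
  "carol" => { handle_admin: "302:0.NA/12345" },
}.freeze

# Handle records: each value has an index, a type and data (hypothetical layout).
HANDLES = {
  "0.NA/12345" => [
    # The "group": a list of admin references stored in the prefix handle.
    { index: 200, type: "HS_LIST", data: ["300:0.NA/12345", "301:0.NA/12345"] },
  ],
  "12345/doc-1" => [
    { index: 1,   type: "URL", data: "https://example.org/doc-1" },
    # The list is registered as a "normal" administrator of this handle.
    { index: 100, type: "HS_ADMIN",
      data: { admin: "200:0.NA/12345", perms: [:read, :modify] } },
  ],
  "12345/doc-2" => [
    # A single admin, no group involved.
    { index: 100, type: "HS_ADMIN",
      data: { admin: "302:0.NA/12345", perms: [:read, :modify, :delete] } },
  ],
}.freeze

# Resolve an "index:handle" reference to the handle value it points at.
def lookup_value(ref)
  index, handle = ref.split(":", 2)
  (HANDLES[handle] || []).find { |v| v[:index] == Integer(index) }
end

# True if admin_ref is the user directly, or a list that (transitively)
# contains the user. `seen` guards against lists that reference each other.
def admin_matches?(admin_ref, user_ref, seen = [])
  return true if admin_ref == user_ref
  return false if seen.include?(admin_ref)
  value = lookup_value(admin_ref)
  return false unless value && value[:type] == "HS_LIST"
  value[:data].any? { |m| admin_matches?(m, user_ref, seen + [admin_ref]) }
end

# Default deny: unknown users and unknown handles get no rights.
def authorized?(username, handle, permission)
  user = USERS[username] or return false
  (HANDLES[handle] || []).any? do |v|
    v[:type] == "HS_ADMIN" && v[:data][:perms].include?(permission) &&
      admin_matches?(v[:data][:admin], user[:handle_admin])
  end
end
```

Removing a reference from the list value revokes that user's rights on every handle administered through the list, which is the practical difference from one HS_ADMIN entry per user per handle.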
