fairlogin status 19.10.2017

Done:
- #44 GitHub Registration done but undocumented
- #44 fairlogin users can register GitHub as Identity Provider TODO: document procedure
- #45 GitHub users can now be Registered TODO: document procedure
- #41 Armin has processed the script again: TODO: clean scripts and import to gitlab (ayers)

WIP:

TODO:
- #?? Testing infrastructure
single VMs are available at edi.osalliance.com
- keycloak.virt
- mailserver.virt
these are copies of the production systems yet not integrated with one another
- User sync from GO to KC to LDAP
- Dashboard: Profile / Password management
-- single servers available on edi.osalliance.com
--- keycloak.virt
--- mailserver.virt
-- these are copies of the production systems yet not integrated with one another
- User sync from GO to KC to LDAP: commit scripts, deploy, test & verify (@ayers)
- Group & Membership Sync from GO to KC to LDAP (@armin.felder)
- Dashboard
-- Profile Management
-- Password Management
-- Group Management
--- Subgroups
--- Channels [Chat]
--- Project[GitLab]
-- Group Visibility Management
Mostly, users should only have access to users/groups within their "Team", i.e. groups in which they are members. The exception is the group everyone.
- How can keycloak/LDAP ensure that allmenda users do not see faircoop and vice versa across all applications (unless they are members in both), i.e. group-specific filters?
- How can the group everyone be made available only to system administrators?

TODO:
Group Member sync from GO to KC to LDAP
Full Test environment Concept and migration.
- DNS Concept
- Firewall Setup on host
- should it reflect heu or just provide comparable functionality
- how can we resync esp. after upgrades

- ownCloud integration
- GroupOffice integration
- Group-specific filters for 'foreign' groups
- Develop full testing environment concept and migration (@ayers)
-- DNS Concept
-- Firewall Setup on host
-- should it reflect heu or just provide comparable functionality
-- how can we resync esp. after upgrades

- fairlogin Integration
-- ownCloud integration
-- GroupOffice integration

- Jitsi meet Issue: (overlays do not allow access to etherpad controls)

Discussion:
- Role concept within fairkom - initially:

Discussion:
![group-role-concept](/uploads/a8cb0fcd0080a14eb295a6af31e7bae9/group-role-concept.png)

- Group & Role Scheme for fairapps:
-- Users are to be grouped in organizational groups
-- Users can be part of multiple groups
-- Some groups aggregate users' general roles.
-- Apps have inane roles
-- App-roles can be aggregated to composite roles as defined by fairapps on per app level (aka Client-Roles)
-- Client-Roles are aggregated to Realm Roles of
--- major functional Roles [Sysadmins]
--- or Product-offerings [fairapp-users]
--- or Special-Case Roles [specific app client roles]
-- Users assigned to groups
-- and application roles assigned to the app's client composite roles
-- and the.