This page contains topics supporting ongoing discussion at dev@syncope.apache.org.

Tracked as SYNCOPE-666.

The purpose of this new feature is to introduce the concept of Any object, i.e. to extend the provisioning engine to support general-purpose definable entities, besides the current users and groups (see this page about realms to understand why former roles were renamed to groups).

With this feature onboard, Syncope will be suitable for managing printers, services, or any other "thing" (as in Internet-Of-Things).

Entity changes

New: AnyType

An AnyType instance is defined as a collection of Plain, Derived and Virtual Schema instances, identified by a unique name.

There will be no more separation among user, group or membership Schema: any Schema instance can be referenced by multiple AnyType instances. Unique, mandatory and read-only constraints will be defined at the AnyType level, not at the Schema level.

When creating an Any instance, one or more AnyType instances must be referenced; this information can be changed when updating an Any instance.

The default AnyType instances to be referenced by new instances of a given Any type can be set on a Realm.

New: Any

An Any instance is defined by:

  1. a unique identifier
  2. one or more AnyType instances
  3. a Realm instance
  4. a collection of Plain, Derived and Virtual attributes (for the Schema instances contained in the referred AnyType instances)
  5. a collection of ExternalResource instances
  6. workflow information (id, status)

Assigning an ExternalResource instance to an Any instance will trigger the propagation flow for that Any instance towards that external resource.

New: Relationship

A Relationship instance is defined by:

  1. a unique identifier
  2. a "left" Any instance
  3. a "right" Any instance

Briefly, Relationship is the generalization of the former Membership concept (which can be thought of as a Relationship between User and Group); unlike the former Membership, however, Relationship instances do not contain attributes.

Updated: User

Becomes a specialized Any instance, with username and password management.

Updated: Group

Becomes a specialized Any instance, with owner management.

It can be used to group Any instances, not necessarily User instances, with the main purpose of realizing group-based provisioning towards external resources.

Updated: External Resource

An ExternalResource instance will be required to declare, for all supported Any types, the ConnId ObjectClass to use (example: __ACCOUNT__ for User, __GROUP__ for Group).

Removed: Attribute templates

Attribute templates, i.e. the possibility to specify which schema can be instantiated as an attribute on a given Group / Membership, are not needed anymore, since the set of attributes available to a given Any instance can be controlled via ObjectType.
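The entity model described above, as an added Python sketch (not Syncope code or its API): it shows how constraints held at the AnyType level decide which attributes an Any instance may carry, and how an assigned ExternalResource resolves the ConnId ObjectClass. The `kind` field, the rule that constraints from several AnyType instances accumulate, and the `__PRINTER__` ObjectClass are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class AnyType:
    name: str      # unique name
    schemas: dict  # schema name -> set of constraints, held here rather than on the Schema

@dataclass
class ExternalResource:
    name: str
    object_classes: dict  # Any kind -> ConnId ObjectClass

@dataclass
class Any:
    key: str
    kind: str  # assumed field naming the Any type: "USER", "GROUP", "PRINTER", ...
    realm: str
    any_types: list
    attrs: dict = field(default_factory=dict)
    resources: list = field(default_factory=list)

def allowed_schemas(obj):
    """Union of the schemas of all referred AnyTypes (assumption: constraints accumulate)."""
    merged = {}
    for any_type in obj.any_types:
        for name, flags in any_type.schemas.items():
            merged.setdefault(name, set()).update(flags)
    return merged

def validate(obj, changes=None):
    """Return the violations of obj's attributes once the proposed changes are applied."""
    schemas, changes = allowed_schemas(obj), changes or {}
    final = {**obj.attrs, **changes}
    errors = [] if obj.any_types else ["no AnyType referred"]
    errors += [f"unknown attribute: {n}" for n in final if n not in schemas]
    errors += [f"missing mandatory: {n}" for n, flags in schemas.items()
               if "mandatory" in flags and n not in final]
    errors += [f"read-only: {n}" for n, v in changes.items()
               if "read_only" in schemas.get(n, ()) and obj.attrs.get(n, v) != v]
    return sorted(errors)

def propagation_targets(obj):
    """ObjectClass declared by each assigned resource for this Any kind; KeyError if none."""
    return {r.name: r.object_classes[obj.kind] for r in obj.resources}

# Constructed sample data; "__PRINTER__" is a made-up ObjectClass name.
ASSET = AnyType("asset", {"serial": {"mandatory", "read_only"}})
PRINTER = AnyType("printer", {"serial": set(), "location": set()})
LDAP = ExternalResource("ldap", {"USER": "__ACCOUNT__", "PRINTER": "__PRINTER__"})
P1 = Any("p1", "PRINTER", "/", [ASSET, PRINTER], {"serial": "X1", "location": "lab"}, [LDAP])
```

The same `serial` schema is mandatory and read-only for an Any that refers to `asset`, and unconstrained for one that refers only to `printer`.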

REST API changes

Besides the changes induced by the updated entities described above, a new REST endpoint will be available for dealing with Any, including a search() method.