lummox and oz about oz HOT 1 CLOSED

Awesome, I'll take a look tomorrow. Would it include any ability to bind to
an enterprise identity management solution like active directory? I'm
thinking of the case where you need to suddenly add 10,000 users overnight
and include a default roles profile, and add additional user roles based on
responsibility.

I.e., the partner grants additional permissions and their authorization
service is allowed to add/subtract roles from a list that both parties
agree on.

CM
On Nov 21, 2015 2:16 PM, "Simon Maxwell-Stewart" [email protected]
wrote:

So recently I have been trying to solve a similar problem to your attempt
with Oz, ie:

Making a secure but flexible authorization protocol between applications
and some kind of grant / scope server.

So i came up with lummox https://github.com/smaxwellstewart/lummox. It
differs from Oz in the following ways:

• It is designed as a highly configurable user management,
  authentication and authorization service for distributed systems; it deals
  with user's CRUD and authentication.
• Once authenticated, a user generates a JSON web token with an
  embedded scope claim (the user's scope). This scope claim is used to
  authorize the user for other systems.
• It does not deal with secure storage of this token.
• It does not deal with securing the transport layer.

While I like the simplicity of just dealing with JSON web tokens, a well
known standard, i am concerned about the lack of layers of security in my
solution.

So I could implement Oz as lummox authorization protocol, keeping the user
management and authentication components.

Would love to know whether people think this would be a good idea? Do you
see potnential security concerns with this kind of solution?

The code is 100% unit tested so should make changing it's functionality
manageable.

—
Reply to this email directly or view it on GitHub
#39.

from oz.