|
| 1 | +# Protocol |
| 2 | + |
| 3 | +**Attendees:** Philipp, Hansjörg, Hans |
| 4 | + |
| 5 | +# Housekeeping |
| 6 | +- Please add more use cases [-> google doc](https://docs.google.com/document/d/1B_4wSOBe-_Xbws6fjlk9s0xV1F6zA5BmXvNmRCulr_s/edit?usp=sharing) |
| 7 | + |
| 8 | +# Topics |
| 9 | +**Tenant/User (T/U) in general** |
| 10 | +1. investigated references and concepts already discussed or developed within OIH, found a few references |
| 11 | +* [MetaModel](../MasterDataModels/MetaModel.md) |
| 12 | +* [OihMessage](https://github.com/openintegrationhub/Data-and-Domain-Models/blob/oihHeader/MasterDataModels/Assets/OihMessage.svg) |
| 13 | +2. IAM service organizes users as members of distinct tenants |
| 14 | +* [OIH IAM Service](https://github.com/openintegrationhub/openintegrationhub/tree/master/services/iam) |
| 15 | + |
| 16 | +First conclusions |
| 17 | +- T/U Rarely referenced nor specified in a generic way |
| 18 | +- IAM implements simple T/U to authorize account management |
| 19 | +- -> design T/U Data Model to equalize existing concepts |
| 20 | + |
| 21 | +**Rights & Permissions** |
| 22 | + |
| 23 | +Discussed following scenarios |
| 24 | + |
| 25 | +1. |
| 26 | +- Service A has access management |
| 27 | +- Service B spares access control, all data is public |
| 28 | +- Sensitive data will be transferred from A to B and is henceforth public |
| 29 | +2. |
| 30 | +- Organization provides a pipeline to transfer data from Service A to Service B |
| 31 | +- Members with access to flow will transfer data without holding individual rights |
| 32 | + |
| 33 | +Consequential issues |
| 34 | +- Do we have to find intersections between different access rights and derive suitable permissions? Optional or mandatory? |
| 35 | +- Could we store tokens for different users, flows, tenants - delegate access management to every service involved? |
| 36 | + |
| 37 | + |
| 38 | + |
| 39 | +## Next Steps |
| 40 | +- Further discussion on topics |
0 commit comments