scottk/wlan-cloud-owprov
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-owprov.git synced 2025-10-29 09:42:38 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
5d18f7728e73ba1a5681998ad92f714879fb5aab
wlan-cloud-owprov/README.md
stephb9959 5d18f7728e Initial checkins
2021-08-20 09:31:11 -07:00

1.3 KiB
Raw Blame History

OpenWiFi Provisioning

Root entity

It's UUID value is 0000-0000-0000. Its parent entity must be empty.

Entity

You must set the parent of an entity.

Venue

When creating a venue, the top venue must have its entity property set to the owning entity, and its parent property empty. For all sub venues, their entity must be set to empty and its parent entity must be set to the venue above it.

Management policy

{
    "default" : [],
    "acls" : [
        {
            "roles" : [ uuid1, uuid2, uuid3 ],
            "access" : [ READ, WRITE, ... ]
        } ,
        {
            "roles" : [ ... ],
            "access" : [ ... ]
        }
  ]
}

Management roles

Management roles can be created using UUIDs from the SEC service. SEC service may ask prov if deleting a user is OK. PROV should answer with username in use or something like this.

Management roles are created by adding UUIDs into a group. Then that UUID may be used in any management policy.

Management roles must have a quick way to evaluate all the roles a user has. This is important for speed. Roles ddo not use subscribers.

So read all the roles, cross ref all the users sp you can apply access rules against a resource very quickly.

If a user is part of 2 roles, then the access will be agregate. if NONE is found, then NONE wins.