{note}work in progress{note}
{div:style=font-weight:bold;font-size:1.2em;}[Account Service Home]{div}

{toc:minLevel=3|maxLevel=5}


h3. Description

The Account Service offers operations to manage CollectionSpace accounts. To securely access the CollectionSpace services, a user must have an account in the system. Each account is associated with an identity. The identity resides either in the [collectionspace:CollectionSpace Identity Provider (CSIP)], which is the default identity provider, or in a foreign identity provider such as [CalNet|https://calnet.berkeley.edu/] or an [OpenID provider|http://openid.net/get-an-openid/].

{note}In release 0.4, only CSIP is supported.{note}

h3. Key Concepts

A CollectionSpace user's identity can reside in either the default identity provider or a foreign identity provider. The Account Service manages an identity only if that identity is stored in the realm managed by the default identity provider. In other words, the Account Service also provides the identity management functions for the default identity provider.

h4. Relationships

The following diagram describes the relationship between an Account, a Person and a User in the [default identity provider|collectionspace:CollectionSpace Identity Provider (CSIP)].

{gliffy:name=account_relationships|space=collectionspace|page=Account Service Description and Assumptions|pageid=27099214|align=left|size=M}

An account is associated with one Person in CollectionSpace. An account is always associated with one user identity.

h4. Assumptions

# In a multi-tenant SaaS deployment of CollectionSpace, it is assumed that the Account Service is consumed by users with privileges to manage accounts for a tenant.
# The tenant context (id) is never available to the Account Service consumer, nor is the consumer required to provide it.
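
The sketch below is an added example, not CollectionSpace code. It shows one way to enforce the rule from Key Concepts (identities are managed only in the default realm) together with the two assumptions above. The names {{Caller}}, {{Account}}, {{create_account}}, the request fields and the {{"csip"}} label are all hypothetical, and it assumes the tenant id is bound to the caller server-side at authentication and that the managed identity carries a password.

```python
import hashlib
import os
import uuid
from dataclasses import dataclass

DEFAULT_IDP = "csip"  # assumed label for the default identity provider

class AccountError(Exception):
    """Raised when a request violates one of the page's assumptions."""

@dataclass(frozen=True)
class Caller:
    """Authenticated consumer; tenant_id is bound server-side (assumption)."""
    user_id: str
    tenant_id: str
    can_manage_accounts: bool

@dataclass
class Account:
    account_id: str
    tenant_id: str   # kept server-side only
    person_id: str   # one Person per account
    user_id: str     # one user identity per account
    idp: str

    def public_view(self) -> dict:  # tenant context is never exposed
        return {"accountId": self.account_id, "personId": self.person_id,
                "userId": self.user_id, "idp": self.idp}

def create_account(caller: Caller, request: dict, realm: dict) -> Account:
    if not caller.can_manage_accounts:
        raise AccountError("caller may not manage accounts for this tenant")
    if "tenantId" in request:  # never trust consumer-supplied tenant context
        raise AccountError("tenantId must not be supplied by the consumer")
    idp = request.get("idp", DEFAULT_IDP)
    password = request.get("password")
    key = (caller.tenant_id, request["userId"])
    if idp == DEFAULT_IDP:
        # Identity lives in the default realm, so the service manages it.
        if not password or key in realm:
            raise AccountError("password missing or identity already exists")
        salt = os.urandom(16)
        realm[key] = (salt, hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, 600_000))
    elif password is not None:
        # Foreign identities are managed elsewhere; refuse their credentials.
        raise AccountError("identity is not managed by the default provider")
    return Account(str(uuid.uuid4()), caller.tenant_id,
                   request["personId"], request["userId"], idp)
```

Rejecting a consumer-supplied {{tenantId}} outright, rather than silently ignoring it, makes cross-tenant probing visible in error logs.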

h5. Assumptions for managing an account whose identity is managed by the [CollectionSpace Identity Provider|collectionspace:CollectionSpace Identity Provider (CSIP)]
{multi-excerpt-include:pageTitle=CollectionSpace Identity Provider (CSIP)|name=assumptions for csip|nopanel=true}

h4. Account Provisioning
h5. CollectionSpace identity provider
{gliffy:name=account_provisioning_csip|space=collectionspace|page=Account Service Description and Assumptions|pageid=27099214|align=left|size=M}
h5. 3rd party identity provider
{gliffy:name=account_provisioning_3rdparty_idp|space=collectionspace|page=Account Service Description and Assumptions|pageid=27099214|align=left|size=M}
h4. Issues

{multi-excerpt-include:pageTitle=Authentication Service Description and Assumptions|name=issue sign up a user|nopanel=true}

 
{note}
* The Person Service is the System of Record (SOR), or authoritative data source, for personIds.
* The SOR for systemIds is TBD.
{note}

h3. References
# [collectionspace:Authentication Service Description and Assumptions]
# [collectionspace:CollectionSpace Identity Provider (CSIP)]
# [Design notes for multi-tenancy in CollectionSpace]


h3. Questions