OpenESPI-DataCustodian-java

User and RetailCustomer as separate entity

Open janad-lh opened this issue 11 years ago • 2 comments

Currently RetailCustomer & User are the same entity and transaction data (e.g. linked to RetailCustomer). In our case, we will have delegated users (where the primary customer may provide access to one or more users to view usage of certain accounts). A delegated user may authorize a third party as well.

janad-lh, Nov 17 '14 16:11

Dibyendujana,

While I understand the use case you have listed, it clearly violates The OAuth 2.0 Authorization Framework specification since it only allows a one-to-one authorization. Although it allows the client to function as a "delegated user", it clearly indicates such a role is reserved for resources either owned by the "delegated user" or granted to the "delegated user" by individuals.

dfcoffin, Nov 17 '14 16:11

This (the distinction b/t RetailCustomer and Delegated User) will be managed in conjunction with the support of the RetailCustomer.xsd in R1.3

jateeter, Dec 30 '14 23:12