Design

1 files changed, 21 insertions, 0 deletions

diff --git a/topics/authentication/authentication-authorisation-design.gmi b/topics/authentication/authentication-authorisation-design.gmi
new file mode 100644
index 0000000..e31b760
--- /dev/null
+++ b/topics/authentication/authentication-authorisation-design.gmi
@@ -0,0 +1,21 @@
+# Authentication/authorisation design
+
+## Authentication
+
+* Local database should be independent from other services and copied as a file (SQLite with JSON?)
+* Later use other providers, such as gmail
+* Later provide REST API & token access
+
+## Authorisation
+
+* Users (authenticated)
+* Groups (users are members and you have a group leader) - every user belongs to one group!
+* Roles define access control (groups have flexible roles) - group can create unique roles
+* Resources (pretty flexible, give access to roles) - every data resource is owned by one group!
+* Some users can add themselves to groups/roles
+* Local database should be independent from other services and copied as a file (SQLite with JSON?)
+* Later provide REST API & token access
+
+## Web front-end
+
+* Web front-end which allows management of these users/groups/roles/resources