From 8b758d38eefd93f03658d517e06e3bcb0e95d356 Mon Sep 17 00:00:00 2001
From: Pjotr Prins
Date: Mon, 17 Oct 2022 12:44:35 +0200
Subject: Design

---
 .../authentication-authorisation-design.gmi         | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 topics/authentication/authentication-authorisation-design.gmi

diff --git a/topics/authentication/authentication-authorisation-design.gmi b/topics/authentication/authentication-authorisation-design.gmi
new file mode 100644
index 0000000..e31b760
--- /dev/null
+++ b/topics/authentication/authentication-authorisation-design.gmi
@@ -0,0 +1,21 @@
+# Authentication/authorisation design
+
+## Authentication
+
+* Local database should be independent from other services and copied as a file (SQLite with JSON?)
+* Later use other providers, such as gmail
+* Later provide REST API & token access
+
+## Authorisation
+
+* Users (authenticated)
+* Groups (users are members and you have a group leader) - every user belongs to one group!
+* Roles define access control (groups have flexible roles) - group can create unique roles
+* Resources (pretty flexible, give access to roles) - every data resource is owned by one group!
+* Some users can add themselves to groups/roles
+* Local database should be independent from other services and copied as a file (SQLite with JSON?)
+* Later provide REST API & token access
+
+## Web front-end
+
+* Web front-end which allows management of these users/groups/roles/resources
-- 
cgit v1.2.3