E-mail
Blue sky thoughts. Please provide your ideas.
How do we allow external systems to access CRM?
Each external system could have a userID and password. The external system authenticates, just like any other user. If the user has permission to do the reads or writes, the API returns success. If the system does not have permission and tries to make an API call that would not work (write protected data) they get an error.
- This does not allow external systems to control users/ permissions. In the drupal example, the drupal authentication structures should govern permissions about who can write what.
- I suspect this problem has been solved in the web services world somewhere.
Perhaps external systems need to be registered with the CRM. The external system authenticates with CRM. In the API call itself, it sends permissions information (read=yes, write=no) according to the permissions of the user in the external system.
Drupal's Distributed Authentication functionality suggests that role and group based pemissions functionality could be in the CRM system. Basically the CRM system handles authentication and permissions for drupal. Not sure we want to take on that role, but?
PEAR solution (PEAR is already a requirement for CRM): http://www.phpmag.net/itr/online_artikel/psecom,id,595,nodeid,114.html
Drupal Distributed authentication:
http://drupal.org/node/312
1 Comment
Hide/Show CommentsJan 27, 2005
Donald A. Lobo
LiveUser seems to have made a lot of progress since last year and is probably a great starting point for a new permission model for CRM. Drupal's permission scheme is very simplistic and limited that we will use for the first few versions but would definitely need to replace / enhance at some point in time.
As LiveUser mentions there is an explicit distinction between authentication and permission. Thus we would probably continue using the host systems authentication mechanism (in this case, Drupal), but use our own permission system