UI vs. Specification
Mockups
This app, listing all the permissions, would be the trusted agent of the user, allowing them to manage their data.
This would be a list of the organizations you shared data with. As organizations are agents, like a user, we should accept users in this list (i.e. I shared data with bob). This requires that we implement a process which is not described in the spec: parse all of alice's access grants and list the organizations from there.
Or maybe this should display the application registrations (apps I agreed to use)? In any case, we should find a place where it's displayed.
As for "Welcome", it requires that we parse all the access grants of alice to group them per agent. This is a custom implementation but should be possible.
This matches perfectly with the user data registrations, which are already organized by types.
This would show the list of the access grants given by alice for her account. If we want to do that, we need to read the subjects of all the access grants to keep only the ones related to alice's account.
Same below with the access requests.
List of all the data registrations of a specific type. Matches very well with the spec.
We should also be able to select which resources we need to share or not depending on the platforms.
The spec does not easily allow us to "give access to all resources of a type", and then "change access for 1 specific resource". But this can be implemented on the Startinblox side.
Maybe we need to make sure the user understands that the access settings presented here are the ones which were selected for the whole list of resources.
I'm not sure how easy it is to implement these permissions.
According to the most common use case of the spec, it will automatically share the resource with all the organizations where your list of resources is shared, i.e. I shared my list of resources with Happy Dev, so all the new ones I create will automatically be shared.
If, for some organizations, you shared only a sublist of resources, you can add specific permissions here. You should be able to give access to any agent (a user or an organization). "Everyone" and "everyone except" seem complicated to handle in a federated world and with this spec.
The groups can be a custom implementation, as it's not described in the spec.
This is a list of what an organization has access to. Should be ok to implement.
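The custom processing these notes call for (grouping alice's access grants per agent, and the automatic sharing of new resources under a whole-list grant), as an added example that is not Startinblox or spec code. The grant objects, their field names (`grantedBy`, `grantee`, `type`, `scope`, `resources`), the helper names and all URLs are constructed for illustration and do not follow the spec's vocabulary.

```javascript
// Constructed sample: simplified access grants. Field names and URLs are
// hypothetical and do not follow the spec's vocabulary.
const ALICE = "https://alice.example/#me";
const HAPPY_DEV = "https://happy-dev.example/#org";
const OTHER_ORG = "https://other-org.example/#org";
const grants = [
  { grantedBy: ALICE, grantee: HAPPY_DEV, type: "Skill", scope: "all" },
  { grantedBy: ALICE, grantee: OTHER_ORG, type: "Skill", scope: "selected",
    resources: ["https://alice.example/skills/1"] },
  { grantedBy: ALICE, grantee: "https://bob.example/#me", type: "Project", scope: "all" },
  { grantedBy: "https://carol.example/#me", grantee: HAPPY_DEV, type: "Skill", scope: "all" },
];

// Keep only the grants issued by `owner`, grouped per agent (user or organization).
function grantsByAgent(allGrants, owner) {
  const byAgent = new Map();
  for (const g of allGrants) {
    if (g.grantedBy !== owner) continue; // ignore grants on other accounts
    if (!byAgent.has(g.grantee)) byAgent.set(g.grantee, []);
    byAgent.get(g.grantee).push(g);
  }
  return byAgent;
}

// A whole-list grant covers every resource of the type, including ones created
// later; a sublist grant covers only the resources it names.
const covers = (g, type, resource) =>
  g.type === type && (g.scope === "all" || (g.resources || []).includes(resource));

// Agents that can reach one resource: what a per-resource sharing screen would list.
function agentsWithAccess(allGrants, owner, type, resource) {
  const agents = [];
  for (const [agent, list] of grantsByAgent(allGrants, owner)) {
    if (list.some(g => covers(g, type, resource))) agents.push(agent);
  }
  return agents.sort();
}

// Add a specific permission for an agent that holds only a sublist (or nothing yet).
function shareResource(allGrants, owner, agent, type, resource) {
  const mine = grantsByAgent(allGrants, owner).get(agent) || [];
  if (mine.some(g => covers(g, type, resource))) return; // already reachable
  const sub = mine.find(g => g.type === type && g.scope === "selected");
  if (sub) sub.resources.push(resource);
  else allGrants.push({ grantedBy: owner, grantee: agent, type, scope: "selected", resources: [resource] });
}
```

With this data, a newly created `skills/2` is reachable by Happy Dev only, which is the behaviour the user needs to understand before creating a resource in a list that is shared as a whole.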
Not in the mockups
- We should display all the access we have as a user (access receipts)
- We should display the apps we agreed to use: application registrations. This is different from the data I shared with organizations.
- We should have a way to act on behalf of an organization, i.e.:
- I'm an admin, and someone requested access to a circle of Happy Dev Paris, I should be able to accept or reject it.
- I should be able to see what's shared with other organizations and users (access receipts)