Reputation: 135
DDD:- How to organize Identity Access features in a solution?
Shall i put my identity access (Authentication and Authorization) in the shared kernel or create a separate bounded context called for example:- IdentityAccess
- If i put my identity access in the shared kernel, then the shared kernel will be bloated. the shared kernel should contain basic contracts such as BaseEntity or BasicValueObject to ease the development process
- If i choose to make the identity accesss in a different bounded context, then how the other bounded contexts will apply permissions
keep in mind, the identity access will contain a lot of features like User Login and Permission Management like(Create Users, rules and Groups)
Upvotes: 4
Views: 2059
Answers (1)
Reputation: 9509
Identity access should NOT contain Permission management; those are business functions belonging in the separate context, see this pic from Martin Fowler: 
Instead of Customer and Product in your case it will be Permission/Role/User etc. that exist in both bounded contexts.
So you should have:
- Context for authentication/authorization
- Context for permission management
- Business contexts.
Then you need to organise the code in such a way that user interaction always goes through (1) but in a way that is opaque to (2) and any number of (3).
Specifically, you should NOT worry about permissions in the business context because it should never be invokable if the user does not have appropriate permissions.
Upvotes: 2
Related Questions
- How do you weave Authentication, Roles and Security into your DDD?
- Handle Authorization and Authentication in DDD
- Exposing ASP.NET Identity Services in DDD
- DDD - Implementing authorization invariants
- Abstracting Identity 2.0 to domain model layer
- ASP.NET Identity in Domain Driven Design Architecture
- DDD Bounded Context "integration"
- Is there a thing as domain security in DDD?
- DDD: Model local identity inside agregate root
- DDD User Security Policies