What is a member of the co-op? #7

New issue

Open

opened 2025-12-20 00:11:56 +00:00 by tom · 1 comment

tom commented 2025-12-20 00:11:56 +00:00

Owner

Copy link

People have friends and family [citation needed].

How should access to services work ?

If there are costs or other responsibilities connected with membership, how does that work for "associated" members?

What happens if someone stops being a member?

People have friends and family [citation needed]. How should access to services work ? If there are costs or other responsibilities connected with membership, how does that work for "associated" members? What happens if someone stops being a member?

tom added this to the High-level approach project 2025-12-20 00:11:56 +00:00

tom referenced this issue from a commit 2025-12-27 15:28:23 +00:00

#7 Membership types

tom referenced this issue 2025-12-27 15:28:42 +00:00

#7 Membership types #17

tom commented 2026-04-22 12:28:51 +01:00

Author

Owner

Copy link

In terms of access, I think a pattern may be emerging:

• Full members of the co-op get a "them-users" group that they can manage
• They also get a keycloak realm that they can manage
• By default, their keycloak automatically authenticates against spoons - filtered by membership of the "them-users" group
• Any app configured in keycloak, or using a simple LDAP filter can be limited to only users they've put in their access group

This means that we have two types of user:

• Has login (no access to anything, apart from ID services)
  ** Can be granted access to services by members
• Is member (can create services and grant access to them)

In terms of access, I think a pattern may be emerging: * Full members of the co-op get a "them-users" group that they can manage * They also get a keycloak realm that they can manage * By default, their keycloak automatically authenticates against spoons - filtered by membership of the "them-users" group * Any app configured in keycloak, or using a simple LDAP filter can be limited to only users they've put in their access group This means that we have two types of user: * Has login (no access to anything, apart from ID services) ** Can be granted access to services by members * Is member (can create services and grant access to them)

👍 1

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

services-architecure

1-bootstrapping

7-membership

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

High-level approach

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

spoons.technology/plots#7

No description provided.