Criticizing my server database schema?

Question

Criticizing my server database schema?

I am developing a RESTful web application that will provide an authentication system for several other applications. Other applications will request this application via HTTP and return XML describing authenticated users.

An authentication application should track which users are allowed to do what on which applications.

I am developing a database schema. Below is my original design. (Suppose each table has a column id.)

applications  # The various client apps that will query this auth system.
------------
name

users         # Table simplified for discussion
-----
username
password
email

roles
-----
name
application_id

roles_users
-----------
role_id
user_id

, - " ". " " auth " xxx yyy". ( ActiveResource) User , roles Role "ADMIN", Application "" Inventory".

, , applications , , "equipment_inventory_admin", "equipment_inventory_readonly", "job_tracker_admin" ..

, ? , , , , .

+1

authentication database authorization schema

Ethan 29 . '09 20:43

3

. (, , "user" , + user.id )

: , ? MD5 (+ salt ) .

Kerberos? (, HTTP )

+1

Jason S 29 . '09 23:04

. , , . , .

: role_users. , .

0

Ian Jacobs 29 . '09 20:59

Osama Al-Maadeed · Accepted Answer · 2009-01-29T22:39:55+0000

,

<login><username>abc</username><password>xyz</password><app>51</app></login>

<auth> <user> <username>abc</a> <lastlogin>123456464</lastlogin> </user> <app> <name>Equipment Inventory</name> <version>3.1.5e</version> </app> <roles> <role>admin</role> <role>manager</role> <role>dataentry</role> </roles> </auth>

<auth><error type="1"></auth>

Criticizing my server database schema?

More articles: