Rudder

This is a natural enhancement on user management in Rudder.

Basically, their is three things to manage with user, which are separated from a strict Identity and Access Management, but are generally linked from a data-centric point of view (these are nothing new, but I but then for context):

- user identification: from what you say/know, I can bound to you a set of datas (name, email, etc)
- user authentication: given some protocol and access context, challange the user and issue an authentication token
- user authorization: given some identified user and authentication token, give credentials to do things.

The first two are most of the time company-wide, the last is necessarilly bound to the application (even if the mapping between user and rights is outside the application).

In Rudder, we are only managing rights (in the XML file, no other way for now). We have nothing for identification beyond the scrict minimum identification token used to allows authentication. And authentication is plugable, with defaults connector to the rudder user file and LDAP.

So, what you (naturally) ask is to properly manage user identification, beyond just the pivot attribut used for authentication.

For conclusion: it's on the roadmap, on a not to hight priority for now.