• A realm is run-time instance identifying a security domain

• Bivio::Auth::Realm is superclass of all realms

• Bivio::Auth::Realm::General is singleton, and has no owner

• Bivio::Auth::Realm::Club is instantiated with an owner of type CLUB

• Bivio::Auth::Realm::User is instantiated with an owner of type USER

• Current realm instance is held in auth realm attribute of

  request

• b-realm-admin command manages Realm, User, and RealmUser relationships

Notes:

A realm is a run-time-only instance, not directly represented in the database. The RealmOwner model identifies the owner, which identifies all the data associated with a realm. Tasks only exist in code, and realms identify the context in which a task executes, which includes what tasks may be executed within the realm itself. The method can_user_execute_task answers that question.

Realms inherit most of their API from their superclass Bivio::Auth::Realm. The General realm is a singleton, and it is the only realm without an owner attribute. The other two realm types ( Club and User) are instantiated with a RealmOwner instance assigned to their owner attributes.

The realm in which the task executes is identified by the auth realm attribute of Bivio::Agent::Request. The RealmOwner.realm_id of the auth realm is stored in the auth id attribute of the request, too. This is a convenient shorthand, and is the value added to the queries by Bivio::Biz::PropertyModel and Bivio::Biz::ListModel.

The command line utility b-realm-admin lets you manipulate realms via the command line, like all bOP ShellUtils via APIs: create_user, delete_user, invalidate_password, join_user, etc.)