What we are trying to do is this:
Let us suppose we have 4 users (u1, u2, u3, u4).
Now u1 and u2 have 3 privileges: p1, p2 and p3.
Similarly, u3 and u4 have 2 privileges: p4 and p5.
We want to group the users together based on the privileges.
Say u1 and u2 belong to group g1, and u3 and u4 belong to group g2.
And we want this attribute to be part of a scope, preferably "openid", so that we can decrypt the token anywhere we want and get the privileges information from it.
We were thinking: is there a way to create a group-level attribute, say "Privileges", which we can set for each group
and which each member of that group inherits?
Some of our customers may have an existing LDAP server; others may not.
We are concerned with both scenarios.
If this is not possible, can you suggest a way in which we can achieve something similar to it?
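
The grouping described in the post, as an added example that is not part of the original post and not any identity server's API: privileges are stored once per group, members inherit them, and the claim is released only when the `openid` scope is requested. All names (`GROUP_PRIVILEGES`, `issue_token`, `read_claims`, the `privileges` claim, the demo key) are hypothetical, and in-memory dicts stand in for an LDAP or local user store.

```python
import base64, hashlib, hmac, json

# Constructed sample data mirroring the post: privileges are set once per group.
GROUP_PRIVILEGES = {"g1": ["p1", "p2", "p3"], "g2": ["p4", "p5"]}
# Membership could come from an LDAP lookup or a local store; a dict stands in.
USER_GROUPS = {"u1": ["g1"], "u2": ["g1"], "u3": ["g2"], "u4": ["g2"]}
SIGNING_KEY = b"constructed-demo-key"  # hypothetical shared secret, demo only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def inherited_privileges(user: str) -> list:
    """Union of the privileges of every group the user belongs to."""
    privs = set()
    for group in USER_GROUPS.get(user, []):
        privs.update(GROUP_PRIVILEGES.get(group, []))
    return sorted(privs)


def issue_token(user: str, scopes: set) -> str:
    """Build an HS256-signed JWT; the claim is released only for 'openid'."""
    claims = {"sub": user, "groups": USER_GROUPS.get(user, [])}
    if "openid" in scopes:
        claims["privileges"] = inherited_privileges(user)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{b64url(sig.digest())}"


def read_claims(token: str) -> dict:
    """Verify the signature before trusting any claim in the payload.

    The header's alg field is ignored on purpose: HMAC-SHA256 is always used.
    """
    header, body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256)
    if not hmac.compare_digest(b64url(expected.digest()), sig):
        raise ValueError("signature mismatch: claims must not be trusted")
    return json.loads(unb64url(body))
```

Changing a group's entry in `GROUP_PRIVILEGES` changes what every member receives in the next token; tokens already issued keep the old claim until they expire.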