On Tue, Oct 22, 2013 at 5:41 PM, Venura Kahawala <ven...@wso2.com> wrote:
> Hi,
>
> Also - how spec compliant - is it to do a PUT directly on Users ?
>>
>
> Doing a PUT operation on user resource is acceptable but this operation
> will replace the resource. We need to implement the PATCH operation in
> order to perform correct update operation.
>

Can you please point to the spec...?

Thanks & regards,
-Prabath

>
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Tue, Oct 22, 2013 at 5:01 PM, Venura Kahawala <ven...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> We do not send two separate calls. Since user name is a unique attribute,
>>> SCIM providers handle the request by taking the user name and identifying
>>> to which resource the operation should be applied.
>>>
>>> Regards,
>>> Venura
>>>
>>> On Tue, Oct 22, 2013 at 9:15 AM, Prabath Siriwardena
>>> <prab...@wso2.com> wrote:
>>>
>>>> On Tue, Oct 22, 2013 at 3:09 PM, Ishara Karunarathna
>>>> <isha...@wso2.com> wrote:
>>>>
>>>>> No, we do not maintain a list; instead we get the scimId of the user
>>>>> being provisioned from the particular provider
>>>>> by filtering with user name.
>>>>>
>>>>
>>>> So - for each outbound provisioning - there are two calls..? One to get
>>>> the id - and then to do the actual SCIM provisioning request ?
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>>
>>>>> In consumer side externalId is useful, but in the [2] case it would be
>>>>> better if we need, keep returned scimId's mapping to
>>>>> Consumer's scimId as it is unique.
>>>>>
>>>>> Thanks,
>>>>> -Ishara
>>>>>
>>>>> On Tue, Oct 22, 2013 at 4:53 AM, Prabath Siriwardena
>>>>> <prab...@wso2.com> wrote:
>>>>>
>>>>>> When IS provisions users to other connected systems - are we
>>>>>> maintaining the list of id's returned by each CSP...?
>>>>>>
>>>>>> IMO externalId is also useful. A given externalId could map to
>>>>>> multiple id's returned by CSPs.
>>>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>> On Tue, Oct 22, 2013 at 8:25 AM, Ishara Karunarathna
>>>>>> <isha...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Prabath,
>>>>>>>
>>>>>>> id (scimId attribute)
>>>>>>> Mandatory attribute, Random value generated by each Service
>>>>>>> Provider, Unique to each service provider, immutable
>>>>>>>
>>>>>>> externalId
>>>>>>> Is not a mandatory attribute, Will be generated by consumers,
>>>>>>> unique across all Service Providers, not immutable
>>>>>>>
>>>>>>> userName
>>>>>>> Mandatory attribute, generated by consumer, unique across all
>>>>>>> Service Providers, immutable
>>>>>>>
>>>>>>> 1. SCIM consumer sends a provisioning request to IS - which is the
>>>>>>> SCIM CSP.
>>>>>>> If externalId is available it will be stored as a user attribute.
>>>>>>> Randomly created an id and store under scimId attribute
>>>>>>>
>>>>>>> 2. [1] & Identity Server provisions the user to other CSPs
>>>>>>> If externalId available it will provision to other service providers
>>>>>>> scimId will not provision, each service provider will create its own
>>>>>>> scimId
>>>>>>>
>>>>>>> 3. Adding user from the IS management console and provision the user
>>>>>>> to other connected CSP.
>>>>>>> When a user added from Management console automatically scimId
>>>>>>> generated and stored as user attribute.
>>>>>>> externalId will not be generated
>>>>>>> When that user provision to other service providers it will work as
>>>>>>> scenario [2]
>>>>>>>
>>>>>>> In all of these scenarios username will be unique and will provision
>>>>>>> to other service providers.
>>>>>>>
>>>>>>> Users generated from Management console will provision to service
>>>>>>> providers only if they are configured as global service providers.
>>>>>>>
>>>>>>> Implementation will not change for LDAP and JDBC but in LDAP or AD
>>>>>>> claim mapping should be set to SCIM attributes (externalId, scimId etc).
>>>>>>>
>>>>>>> IMO externalId is not a useful attribute in the spec. [1] here
>>>>>>> there are some arguments on this.
>>>>>>> [1] http://www.infoq.com/articles/scim-data-model-limitations
>>>>>>>
>>>>>>> Please add something missing or wrong.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On Mon, Oct 21, 2013 at 10:45 PM, Prabath Siriwardena
>>>>>>> <prab...@wso2.com> wrote:
>>>>>>>
>>>>>>>> There are three use cases..
>>>>>>>>
>>>>>>>> 1. SCIM consumer sends a provisioning request to IS - which is the
>>>>>>>> SCIM CSP.
>>>>>>>> 2. [1] & Identity Server provisions the user to other CSPs
>>>>>>>> 3. Adding user from the IS management console and provision the
>>>>>>>> user to other connected CSP.
>>>>>>>>
>>>>>>>> How do we handle id/externalId/userName in above three cases..?
>>>>>>>> Also please explain this both in the case of LDAP and JDBC based user
>>>>>>>> stores.
>>>>>>>>
>>>>>>>> For [2] and [3] - what is the externalId we have..?
>>>>>>>>
>>>>>>>> *id* Unique identifier for the SCIM Resource as defined by the
>>>>>>>> Service Provider. Each representation of the Resource MUST include a
>>>>>>>> non-empty id value. This identifier MUST be unique across the Service
>>>>>>>> Provider’s entire set of Resources. It MUST be a stable,
>>>>>>>> non-reassignable identifier that does not change when the same
>>>>>>>> Resource is returned in subsequent requests. The value of the id
>>>>>>>> attribute is always issued by the Service Provider and MUST never be
>>>>>>>> specified by the Service Consumer. bulkId: is a reserved keyword and
>>>>>>>> MUST NOT be used in the unique identifier. REQUIRED and READ-ONLY.
>>>>>>>>
>>>>>>>> *externalId* An identifier for the Resource as defined by the
>>>>>>>> Service Consumer. The externalId may simplify identification of the
>>>>>>>> Resource between Service Consumer and Service provider by allowing the
>>>>>>>> Consumer to refer to the Resource with its own identifier, obviating
>>>>>>>> the need to store a local mapping between the local identifier of the
>>>>>>>> Resource and the identifier used by the Service Provider. Each
>>>>>>>> Resource MAY include a non-empty externalId value. The value of the
>>>>>>>> externalId attribute is always issued by the Service Consumer and can
>>>>>>>> never be specified by the Service Provider. The Service Provider MUST
>>>>>>>> always interpret the externalId as scoped to the Service Consumer’s
>>>>>>>> tenant.
>>>>>>>>
>>>>>>>> *userName* Unique identifier for the User, typically used by the
>>>>>>>> user to directly authenticate to the service provider. Often displayed
>>>>>>>> to the user as their unique identifier within the system (as
>>>>>>>> opposed to id or externalId, which are generally opaque and not
>>>>>>>> user-friendly identifiers). Each User MUST include a non-empty userName
>>>>>>>> value. This identifier MUST be unique across the Service Consumer’s
>>>>>>>> entire set of Users. REQUIRED.
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>> Prabath
>>>>>>>>
>>>>>>>> Mobile : +94 71 809 6732
>>>>>>>>
>>>>>>>> http://blog.facilelogin.com
>>>>>>>> http://RampartFAQ.com
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Ishara Karunarathna
>>>>>>> Software Engineer
>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>>>
>>>>>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com,
>>>>>>> mobile: +94 718211678
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Prabath
>>>>>>
>>>>>> Mobile : +94 71 809 6732
>>>>>>
>>>>>> http://blog.facilelogin.com
>>>>>> http://RampartFAQ.com
>>>>>>
>>>>>
>>>>> --
>>>>> Ishara Karunarathna
>>>>> Software Engineer
>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>
>>>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com,
>>>>> mobile: +94 718211678
>>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> Mobile : +94 71 809 6732
>>>>
>>>> http://blog.facilelogin.com
>>>> http://RampartFAQ.com
>>>>
>>>
>>> --
>>> Senior Software Engineer
>>>
>>> Mobile: +94 71 82 300 20
>>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
> Both above mentioned improvements have been suggested in the SCIM road map
> thread ([IS] Roadmap for user/identity provisioning).
>
> Regards,
> Venura
>
> --
> Senior Software Engineer
>
> Mobile: +94 71 82 300 20
>

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
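
The update flow discussed in this thread (resolve the provider's id by filtering on userName, then update the resource), as an added example that is not part of the original messages and is not WSO2 Identity Server code. It uses a constructed in-memory provider with hypothetical names (`ToyProvider`, `resolve_id`) and sample values to show that the provider issues `id` itself and that a PUT with a partial body drops attributes a PATCH keeps.

```python
import uuid

class ToyProvider:
    """Constructed in-memory stand-in for one SCIM service provider."""
    def __init__(self):
        self.users = {}                       # provider-issued id -> resource

    def create(self, resource):
        if self.filter_by_username(resource["userName"]):
            raise ValueError("409: userName already exists")
        stored = dict(resource)
        stored["id"] = uuid.uuid4().hex       # id is issued by the provider, never the consumer
        self.users[stored["id"]] = stored
        return dict(stored)

    def filter_by_username(self, user_name):
        # Models GET /Users?filter=userName eq "<user_name>"
        return [dict(u) for u in self.users.values() if u["userName"] == user_name]

    def put(self, scim_id, resource):
        # PUT replaces the whole resource; only the provider-issued id survives.
        if scim_id not in self.users:
            raise KeyError("404: no such resource")
        stored = dict(resource)
        stored["id"] = scim_id
        self.users[scim_id] = stored
        return dict(stored)

    def patch(self, scim_id, changes):
        # PATCH merges the supplied attributes; id stays read-only.
        stored = self.users[scim_id]
        stored.update({k: v for k, v in changes.items() if k != "id"})
        return dict(stored)

def resolve_id(provider, user_name):
    """First call of the outbound update: map userName to this provider's id."""
    hits = provider.filter_by_username(user_name)
    if len(hits) != 1:
        raise LookupError(f"expected one match for {user_name!r}, got {len(hits)}")
    return hits[0]["id"]

def demo():
    csp = ToyProvider()
    created = csp.create({"id": "consumer-chosen", "userName": "alice",
                          "externalId": "hr-0042", "emails": ["alice@example.com"]})
    scim_id = resolve_id(csp, "alice")
    patched = csp.patch(scim_id, {"displayName": "Alice"})
    replaced = csp.put(scim_id, {"userName": "alice", "displayName": "Alice A."})
    return created, scim_id, patched, replaced
```

A consumer that has to use PUT needs to read the full resource first and send it back with the change applied, otherwise `externalId` and `emails` are lost as in `replaced` above.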