Hi All,
We're implementing the Unique User Id concept in C5 User Core. This evolved
as a requirement with the introduction of the Domain model to the User Core.
The user domain model is as follows.
- Users are available in multiple domains.
- Each domain can contain more than one IdentityStoreConnector.
- Each connector will have a set of user attributes.
- A user is an object created by combining all the attributes in
IdentityStoreConnectors for a domain.
- Each user attribute from an IdentityStoreConnector maps to a specific
claim.
When resolving a user, there should be a mapping to identify the same user
between different connectors. For this purpose we're introducing a Unique
User Id concept. The idea behind Unique User Id is as follows.
- A Unique User Id will be unique across the User-Core no matter the
domain the user in.
- This unique Id will be maintained in a database table.
- The table will contain mapping for the Unique Id to each connectors'
individual user Id.
GlobalUniqueId | ConnectorUserId | ConnectorId
When retrieving all the Claims for a User, following sequence will be
followed.
- Get user from primary attribute
- Get unique user Id from mapping table for that user
- Find the connector which has the required attribute
- Get connector specific user Id for the required connector from the
mapping table
- Retrieve attribute value from that connector.
A simplified sequence diagram for this flow is as below.
*Sequence Diagram for getClaim*
One important note on this implementation is that as of the current design
UserCore will not be responsible for populating the unique user Id mapping
table. How and where this should be populated is still an open discussion.
Any suggestions are welcome.
Thanks,
Akalanka.
--
*Darshana Akalanka Pagoda Arachchi,*
*Senior Software Engineer, WSO2*
*+94777118016*
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
