Hi All,

In the IS 6.0.0 Identity Store design we allow multiple user domains, each containing one or more identity/credential store connectors. Also, the same identity/credential store connector may reside in two different domains. So there is a requirement to identify a user uniquely throughout the system.

*Approach One*

Calculate unique user id as a combination of domain id and connector-wise user mappings. Use a signing mechanism to ensure the integrity of the id.

Ex: {domain-id}.{connector-id : connector-user-id}*.{digest-value} => 12.{c1:ad...@wso2.com}{c2:78451244}.W4sU2s

Pros:
- Can verify the user without a database call by recalculating the digest value of the id.
- Can identify the domain and connector-wise mapping without a database call if the server received the id.

Cons:
- If a connector is added or removed from the domain, then the unique id will be a different one. So we need to have a constraint there.
- In a scenario where we have multiple connectors, during a user claim update, some connectors may be added to the id, since when we create a user we may not add attributes to all the connectors.
- Having a valid unique user id does not guarantee that the user still exists in the system.
- Unique id may be lengthy.

*Approach Two*

Calculate unique user id as a combination of domain id and a random UUID.

Ex: {domain-id}.{random-uuid} => 12.A1j88KlmSKAl74

Pros:
- Can identify the domain without a database call.
- Can add or remove connectors without changing the unique user id.
- User claim update does not affect the unique user id value.
- Fairly small id compared to approach one.

Cons:
- Need a database call to get the connector mappings.

It feels like approach two is more suitable for the identity store. WDYT?

Thanks,
Thanuja

--
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
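
The two id formats from the message above, as an added example that is not part of the original post or of WSO2 code. Assumptions: the "signing mechanism" is a truncated HMAC-SHA256 under a server-side key, connector user ids are percent-encoded, and the user `alice@example.com` and the key are constructed.

```python
import base64, hashlib, hmac, uuid
from urllib.parse import quote, unquote

# Assumption: a server-side secret; the post does not name a signing mechanism.
KEY = b"constructed-demo-key-not-for-production"

def _digest(body: str) -> str:
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=").decode()

def make_signed_id(domain_id: int, mappings: dict) -> str:
    """Approach one: {domain-id}.{connector-id:connector-user-id}*.{digest}"""
    # Sort connectors and percent-encode values so one mapping set always gives
    # one string, and ':', '{', '}' inside a user id cannot act as delimiters.
    parts = "".join("{%s:%s}" % (quote(c, safe=""), quote(u, safe=""))
                    for c, u in sorted(mappings.items()))
    body = "%d.%s" % (domain_id, parts)
    return body + "." + _digest(body)

def verify_signed_id(user_id: str):
    """Return (domain_id, mappings) if the digest matches, else None. No database call."""
    body, _, tag = user_id.rpartition(".")  # digest is the text after the last dot
    if not body or not hmac.compare_digest(tag.encode(), _digest(body).encode()):
        return None
    domain, _, parts = body.partition(".")  # domain id is the text before the first dot
    items = (i.partition(":") for i in parts.strip("{}").split("}{") if i)
    mappings = {unquote(c): unquote(u) for c, _, u in items}
    return int(domain), mappings

def make_random_id(domain_id: int) -> str:
    """Approach two: {domain-id}.{random-uuid}; connector mappings stay in the database."""
    return "%d.%s" % (domain_id, uuid.uuid4().hex)

if __name__ == "__main__":
    before = make_signed_id(12, {"c1": "alice@example.com"})
    after = make_signed_id(12, {"c1": "alice@example.com", "c2": "78451244"})
    print(before)   # id issued when only connector c1 holds the user
    print(after)    # adding c2 yields a different id for the same user
    print(verify_signed_id(after))
    print(verify_signed_id(after.replace("12.", "13.", 1)))  # tampered domain
    print(make_random_id(12))
```

A matching digest shows only that the server issued the id unmodified; a deleted user's id still verifies, so existence and authorization checks still need the store.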