Hi All,

In the IS 6.0.0 Identity Store design we facilitate having multiple user
domains, each of which contains one or more identity/credential store connectors.
Also, the same identity/credential store connector may reside in two different
domains. So there is a requirement to identify a user uniquely throughout
the system.

*Approach One*

Calculate the unique user id as a combination of the domain id and the connector-wise
user mappings. Use a signing mechanism to ensure the integrity of the id.

Ex: {domain-id}.{connector-id : connector-user-id}*.{digest-value} =>
12.{c1:ad...@wso2.com}{c2:78451244}.W4sU2s

Pros:

   - Can verify the user without a database call by recalculating the
   digest value of the id.
   - Can identify the domain and the connector-wise mapping without a database
   call when the server receives the id.

Cons:

   - If a connector is added to or removed from the domain, then the unique id
   will be different. So we need to have a constraint there.
   - In a scenario where we have multiple connectors, during a user claim
   update some connectors may be added to the id, since when we create a user
   we may not add attributes to all the connectors.
   - Having a valid unique user id does not guarantee that the user still
   exists in the system.
   - The unique id may be lengthy.


*Approach Two*

Calculate the unique user id as a combination of the domain id and a random UUID.

Ex: {domain-id}.{random-uuid} => 12.A1j88KlmSKAl74

Pros:

   - Can identify the domain without a database call.
   - Can add or remove connectors without changing the unique user id.
   - User claim update does not affect the unique user id value.
   - Fairly small id compared to approach one.


Cons:

   - Needs a database call to get the connector mappings.


It feels like approach two is more suitable for the identity store. WDYT?

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
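As an added illustration (not code from the thread or from WSO2 IS), the two id formats above in Python: approach one signs the `{domain-id}.{connector:user-id}*` payload with a keyed digest so the server can verify it and recover the mappings without a database call, while approach two carries only the domain id next to a random UUID. The key, connector names and user ids are constructed for the example; the digest is a truncated HMAC-SHA256 (the thread does not specify the signing scheme).

```python
import base64
import hashlib
import hmac
import uuid
from typing import Optional

# Constructed key for the example; a real server would keep it in a key store.
SERVER_KEY = b"example-server-key"


def _digest(payload: str) -> str:
    """Keyed digest of the id payload, base64url, truncated to keep the id short."""
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")[:12]


def approach_one_id(domain_id: int, mappings: dict) -> str:
    """{domain-id}.{connector-id:connector-user-id}*.{digest-value}.
    Connectors are sorted so the same mappings always give the same id."""
    body = "".join(f"{{{c}:{u}}}" for c, u in sorted(mappings.items()))
    payload = f"{domain_id}.{body}"
    return f"{payload}.{_digest(payload)}"


def verify_approach_one(user_id: str) -> bool:
    """Recompute the digest from the id itself (no database call). A valid digest
    only proves this server issued the id, not that the user still exists."""
    payload, _, digest = user_id.rpartition(".")
    return hmac.compare_digest(_digest(payload), digest)


def parse_approach_one(user_id: str) -> Optional[tuple]:
    """Return (domain_id, mappings) for a verified id, or None if the digest fails."""
    if not verify_approach_one(user_id):
        return None
    payload = user_id.rpartition(".")[0]
    domain, _, body = payload.partition(".")
    parts = body.strip("{}").split("}{") if body else []
    return int(domain), dict(p.split(":", 1) for p in parts)


def approach_two_id(domain_id: int, rnd: Optional[uuid.UUID] = None) -> str:
    """{domain-id}.{random-uuid}: only the domain is recoverable from the id;
    connector mappings must come from the database."""
    return f"{domain_id}.{(rnd or uuid.uuid4()).hex}"


def approach_two_domain(user_id: str) -> int:
    return int(user_id.split(".", 1)[0])
```

Adding a second connector to the same user changes the approach-one id (the con noted above) but leaves an approach-two id untouched.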