Hi All,

On Wed, Dec 7, 2016 at 10:06 AM, Ishara Karunarathna <isha...@wso2.com>
wrote:

> Hi Nuwan,
>
> On Wed, Dec 7, 2016 at 9:58 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>>
>> On Wed, Dec 7, 2016 at 7:12 AM, Thanuja Jayasinghe <than...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> In the IS 6.0.0 Identity Store design we facilitate having multiple
>>> user domains, each containing one or more identity/credential store
>>> connectors. Also, the same identity/credential store connector may reside
>>> in two different domains. So there is a requirement to identify a user
>>> uniquely throughout the system.
>>>
>>
>> I'm finding it hard to understand what is a domain and what is a
>> connector :). Are there mails explaining exactly what these are? Sorry if
>> I've missed them.
>>
> You can find it in the following thread [1]
> -Ishara
>
> [1] "User-Core Domain Implementation"
>
>>
>>> *Approach One*
>>>
>>> Calculate unique user id as a combination of domain id and connector
>>> wise user mappings. Use a signing mechanism to ensure the integrity of the
>>> id.
>>>
>>> Ex: {domain-id}.{connector-id : connector-user-id}*.{digest-value} =>
>>> 12.{c1:ad...@wso2.com}{c2:78451244}.W4sU2s
>>>
>>> Pros:
>>>
>>>    - Can verify the user without a database call by recalculating the
>>>    digest value of the id.
>>>    - Can identify the domain and connector wise mapping without a
>>>    database call if server received the id.
>>>
>>> Cons:
>>>
>>>    - If a connector is added to or removed from the domain, then the
>>>    unique id will be a different one. So we need to have a constraint there.
>>>    - In a scenario where we have multiple connectors, during a user
>>>    claim update, some connectors may be added to the id, since when we
>>>    create a user we may not add attributes to all the connectors.
>>>    - Having a valid unique user id does not guarantee that user still
>>>    exists in the system.
>>>    - Unique id may be lengthy.
>>>
>>>
>>> *Approach Two*
>>>
>>> Calculate unique user id as a combination of domain id and a random UUID.
>>>
>>> Ex: {domain-id}.{random-uuid} => 12.A1j88KlmSKAl74
>>>
>>> Pros:
>>>
>>>    - Can identify the domain without a database call.
>>>    - Can add or remove connectors without changing the unique user id.
>>>    - User claim update does not affect the unique user id value.
>>>    - Fairly small id compared to the approach one.
>>>
>>>
>>> Cons:
>>>
>>>    - Need a database call to get the connector mappings.
>>>
>>>
>>> It feels like approach two is more suitable for the identity store. WDYT?
>>>
By improving approach two, we came up with a model to handle the unique
user id.

A domain can be created in 4 main ways.
1. Using Read Write (RW) connectors (we can define the schema and add the
same unique ID to each store)
2. Using Read Write (RW) connectors (we can't define the schema and there
will be different unique ids in each connector)
3. Using a Read Only (RO) connector
4. Using both RO and RW connectors.

For each domain type we can configure UUID resolvers. By default we can
provide two resolvers, for types 1 and 2, and for the others we
can configure custom implementations.

Now UUID
Ex: {domain-id}.{resolver provided id}

So following would be the resolver types.
For domain type 1
The same unique id will be stored in each connector, so there is no need to
resolve the id.

For domain type 2
We need to store the mapping between the user unique id and the connector
unique ids. Once we get the user unique id, the resolver needs to resolve the
connector ID mapping.

For domain type 3
This should be specific to the domain configuration logic, and we need to
write a custom UUID resolver.

For domain type 4
This also would be a custom resolver with type 2 and 4 capabilities.

We can discuss more on this.

-Ishara


>>> Thanks,
>>> Thanuja
>>>
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>
>
>
>
> --
> Ishara Karunarathna
> Associate Technical Lead
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
> +94717996791
>
>
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
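
Added example, not part of the original thread or of WSO2 code: a sketch of the two id formats discussed above, assuming HMAC-SHA256 as the "signing mechanism" (the thread names none), a constructed key, and constructed connector ids and user ids. It shows Approach One verifying an id without a database call and changing when a connector is added, next to Approach Two's opaque id whose mappings live in a store.

```python
import base64, hashlib, hmac, uuid

# Assumption: HMAC-SHA256 under a server-held key. Constructed sample key.
KEY = b"constructed-demo-key-not-for-production"

def _digest(payload: str, key: bytes) -> str:
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def make_signed_id(domain_id: int, mappings: dict, key: bytes = KEY) -> str:
    """Approach One: {domain-id}.{connector-id:connector-user-id}*.{digest}"""
    body = "".join(f"{{{c}:{u}}}" for c, u in sorted(mappings.items()))
    payload = f"{domain_id}.{body}"
    return f"{payload}.{_digest(payload, key)}"

def verify_signed_id(user_id: str, key: bytes = KEY):
    """Return (domain_id, mappings) if the digest checks out, else None.
    No database call is made, so a valid id does not prove the user exists."""
    # Connector user ids may contain dots (e.g. e-mail addresses), so the
    # digest is split off at the LAST dot and the domain at the FIRST.
    payload, _, tag = user_id.rpartition(".")
    expected = _digest(payload, key)
    if not payload or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    domain, _, body = payload.partition(".")
    # Assumes connector user ids never contain the "}{" separator.
    pairs = (p.split(":", 1) for p in body.strip("{}").split("}{"))
    return int(domain), dict(pairs)

def make_opaque_id(domain_id: int) -> str:
    """Approach Two: {domain-id}.{random-uuid}"""
    return f"{domain_id}.{uuid.uuid4().hex}"

def resolve(user_id: str, store: dict):
    """Approach Two needs a lookup (a dict stands in for the database)."""
    return store.get(user_id)

if __name__ == "__main__":
    maps = {"c1": "alice@example.com", "c2": "78451244"}  # constructed sample
    sid = make_signed_id(12, maps)
    print(sid, verify_signed_id(sid))
    print(make_signed_id(12, {**maps, "c3": "x9"}) == sid)  # id changed
    oid = make_opaque_id(12)
    store = {oid: dict(maps)}
    store[oid]["c3"] = "x9"  # connector added, id unchanged
    print(oid, resolve(oid, store))
```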