Hi All,

On Wed, Dec 7, 2016 at 10:06 AM, Ishara Karunarathna <isha...@wso2.com> wrote:
> Hi Nuwan,
>
> On Wed, Dec 7, 2016 at 9:58 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> On Wed, Dec 7, 2016 at 7:12 AM, Thanuja Jayasinghe <than...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> In the IS 6.0.0 Identity Store design we facilitate to have multiple
>>> user domains, each contains one or more identity/credential store
>>> connectors. Also, same identity/credential store connector may reside in
>>> two different domains. So there is a requirement to identify a user
>>> uniquely throughout the system.
>>
>> I'm finding it hard to understand what is a domain and what is a
>> connector :). Are there mails explaining exactly what these are? Sorry if
>> I've missed them.
>
> You can find it in the following thread [1]
> -Ishara
>
> [1] "User-Core Domain Implementation"
>
>>> *Approach One*
>>>
>>> Calculate unique user id as a combination of domain id and connector
>>> wise user mappings. Use a signing mechanism to ensure the integrity of the
>>> id.
>>>
>>> Ex: {domain-id}.{connector-id : connector-user-id}*.{digest-value} =>
>>> 12.{c1:ad...@wso2.com}{c2:78451244}.W4sU2s
>>>
>>> Pros:
>>>
>>>    - Can verify the user without a database call by recalculating the
>>>    digest value of the id.
>>>    - Can identify the domain and connector wise mapping without a
>>>    database call if server received the id.
>>>
>>> Cons:
>>>
>>>    - If a connector is added or removed from the domain, then the unique
>>>    id will be a different one. So need to have a constraint there.
>>>    - In a scenario where we have multiple connectors, during a user
>>>    claim update, some connectors may be added to the id. Since when we
>>>    create a user we may not add attributes to all the connectors.
>>>    - Having a valid unique user id does not guarantee that user still
>>>    exists in the system.
>>>    - Unique id may be lengthy.
>>>
>>> *Approach Two*
>>>
>>> Calculate unique user id as a combination of domain id and a random UUID.
>>>
>>> Ex: {domain-id}.{random-uuid} => 12.A1j88KlmSKAl74
>>>
>>> Pros:
>>>
>>>    - Can identify the domain without a database call.
>>>    - Can add or remove connectors without changing the unique user id.
>>>    - User claim update does not affect the unique user id value.
>>>    - Fairly small id compared to the approach one.
>>>
>>> Cons:
>>>
>>>    - Need a database call to get the connector mappings.
>>>
>>> It feels like approach two is more suitable for the identity store. WDYT?

With improving the approach two we came up with a model to handle Unique user id.

Domain can be created with 4 main ways.

1. Using Read Write (RW) connectors (We can define schema and add same unique ID to each store)
2. Using Read Write (RW) connectors (We can't define schema and there will be different unique ids in each connector)
3. Using Read only connector (RO)
4. Using both RO and RW connectors.

For each domain type we can configure UUID resolvers, by default we can provide two resolvers for type 1 and 2 and for others can configure custom implementations.

Now UUID Ex: {domain-id}.{resolver provided id}

So following would be the resolver types.

For domain type 1
Same unique id will be stored in each connector, so no need to resolve the id.

For domain type 2
We need to store mapping between user unique id and connector unique ids, once we got the user unique id the resolver needs to resolve the connector ID mapping.

For domain type 3
This should be specific to domain configuration logic and need to write a custom UUID resolver.

For domain type 4
This also would be a custom resolver with type 2 and 4 capabilities.

We can discuss more on this.

-Ishara

>>> Thanks,
>>> Thanuja
>>>
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729

--
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com

email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
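
The two id formats discussed in the thread above, as an added example that is not part of the thread and not WSO2 code. It assumes HMAC-SHA256 with a server-side key as the "signing mechanism" and a dict in place of the mapping table; all function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import uuid

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
PAIR = re.compile(r"\{([^:{}]+):([^{}]+)\}")  # one {connector-id:connector-user-id}


def _digest(body):
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_signed_id(domain_id, mappings):
    """Approach One: {domain-id}.{connector-id:connector-user-id}*.{digest}"""
    joined = "".join(f"{{{c}:{u}}}" for c, u in sorted(mappings.items()))
    if dict(PAIR.findall(joined)) != mappings:  # must parse back to the same mapping
        raise ValueError("ids must not contain '{' or '}'; connector ids no ':'")
    body = f"{domain_id}.{joined}"
    return f"{body}.{_digest(body)}"


def verify_signed_id(user_id):
    """Return (domain_id, mappings) without a database call, or None if altered."""
    body, _, tag = user_id.rpartition(".")  # the digest never contains a '.'
    if not body or not hmac.compare_digest(tag.encode(), _digest(body).encode()):
        return None
    domain, _, pairs = body.partition(".")  # user ids such as e-mails may contain '.'
    return int(domain), dict(PAIR.findall(pairs))


def make_random_id(domain_id, store, mappings):
    """Approach Two: {domain-id}.{random-uuid}; mappings need a lookup in store."""
    user_id = f"{domain_id}.{uuid.uuid4().hex}"
    store[user_id] = dict(mappings)  # stands in for the mapping table
    return user_id


if __name__ == "__main__":
    m = {"c1": "alice@example.com", "c2": "78451244"}  # constructed sample
    sid = make_signed_id(12, m)
    print(sid, verify_signed_id(sid))
    print(make_signed_id(12, {**m, "c3": "u-9"}) != sid)  # id changes with connectors
    store = {}
    rid = make_random_id(12, store, m)
    store[rid]["c3"] = "u-9"  # connector added, id unchanged
    print(rid, store[rid])
```

A valid digest only shows the id was issued by the server and not altered; as the thread notes, it does not show that the user still exists.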