On Tue, Jan 23, 2018 at 10:35 AM, Omindu Rathnaweera <omi...@wso2.com> wrote:
> > Hi Maduranga, > > On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena < > madura...@wso2.com> wrote: > >> Hi all, >> >> Web app name we have come up for this endpoint is api#identity#user#v1.0 >> and the path for the endpoint is /pi/users/{userId}. So the whole endpoint >> would be >> >> - for super tenant, >> >> /api/identity/user/v1.0/pi/users/{userId} >> >> >> - for tenant, >> >> /t/{tenant-domain}/api/identity/user/v1.0/pi/users/{userId} >> >> Our initial plan was to use the ID used in Pseudonyms for username >> feature [1]. But as the ID used by Pseudonyms for username feature is not >> available to outside, we cannot use it here. Next option available to us is >> the ID used in SCIM. But as it is not mandatory to have SCIM ID in system >> (when SCIM is disabled), we cannot use this option also. >> >> Because of above reasons, we are planing to use base 64 encoded fully >> qualified username as the userId in the above request. >> > > Would like to know the rationale behind base64 encoding the username. Also > if it has to be b64 encoded for some reason then it should be base64 URL > encoded I believe. > Yes this should be url encoding. > > >> >> Do you have any suggestions? >> >> [1] [Architecture] GDPR - Pseudonyms For Username >> >> Thanks, >> >> On Mon, Jan 22, 2018 at 5:52 PM, Hasintha Indrajee <hasin...@wso2.com> >> wrote: >> >>> In a federated user scenario, we neither have user information nor email >>> address of the user in a case if the user is not JIT. Hence we won't be >>> able to share consents with user in an offline method. But still for >>> federated users we need to maintain consents which we give out to SPs. We >>> can process this offline and store somewhere (consent info ready for >>> download). The way we share will depend. eg - For the users who have emails >>> we can send them through an email (as a download link). If not we can share >>> those information through another medium (eg - user profile at a later >>> login) >>> >>> On Mon, Jan 22, 2018 at 5:40 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote: >>> >>>> Hi Hasintha, >>>> We do not need to export anything we do not keep in our databases. >>>> Could you please explain further if we need to do anything extra for >>>> Federated case. >>>> >>>> Cheers, >>>> Ruwan >>>> >>>> On Mon, Jan 22, 2018 at 5:33 PM, Hasintha Indrajee <hasin...@wso2.com> >>>> wrote: >>>> >>>>> Just a quick question. How are we going to cater consents for >>>>> federated user ? Having consent from 3rd party IDP to IS will not be >>>>> enough >>>>> AFAIU. If we are sharing those information through an SP we need to >>>>> maintain those consents as well. WDYT ? >>>>> >>>>> In that case how can federated users download their consents ? >>>>> >>>>> On Mon, Jan 22, 2018 at 5:25 PM, Omindu Rathnaweera <omi...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi Maduranga, >>>>>> >>>>>> In the consent API we do not have the option to get multiple >>>>>> receipts, the API only returns a list of receipt IDs for a given search >>>>>> criteria. If you need to include receipt data of all the consent entries, >>>>>> you will have to iterate through all the consent IDs and fetch the >>>>>> individual receipts. Keep in mind that this will likely to generate a >>>>>> payload of a considerable size. >>>>>> >>>>>> Regards, >>>>>> Omindu. >>>>>> >>>>>> >>>>>> On Mon, Jan 22, 2018 at 5:12 PM, Maduranga Siriwardena < >>>>>> madura...@wso2.com> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> We are creating a REST API to export user information for IS 5.5.0. >>>>>>> >>>>>>> Swagger at [1] is the initial design of the API. >>>>>>> >>>>>>> In the initial phase we are allowing the data to be exported only by >>>>>>> the owner of the profile. >>>>>>> >>>>>>> At the moment we are planing to export basic user profile >>>>>>> information and the consents user has given. Response JSON has 2 parts >>>>>>> in >>>>>>> it. >>>>>>> >>>>>>> - basic: this part will have the users profile information >>>>>>> (claims) in wso2 dialect >>>>>>> - consents: this part will have an array of consents user has >>>>>>> provided to the Identity Server. Though in the swagger it is >>>>>>> represented >>>>>>> with the ID of the consent receipt, the actual response will consist >>>>>>> of the >>>>>>> whole consent receipt. (Refer mail thread [2] @ >>>>>>> architecture@wso2.org for more information) >>>>>>> >>>>>>> Below is a sample JSON response. >>>>>>> >>>>>>> { >>>>>>> "basic": { >>>>>>> "http://wso2.org/claims/userid": "92d6513e-f4ca-4438-b403-98380 >>>>>>> 695ed08", >>>>>>> "http://wso2.org/claims/username": "maduranga", >>>>>>> "http://wso2.org/claims/givenname": "Maduranga", >>>>>>> "http://wso2.org/claims/lastname": "Siriwardena", >>>>>>> "http://wso2.org/claims/emailaddress": "madura...@wso2.com", >>>>>>> "http://wso2.org/claims/telephone": "+94711111111 >>>>>>> <+94%2071%20111%201111>" >>>>>>> }, >>>>>>> "consents": [ >>>>>>> { >>>>>>> "id": "bc53e7bd-013d-4020-b522-1915ada1f305" >>>>>>> } >>>>>>> ] >>>>>>> } >>>>>>> >>>>>>> Do you have any suggestions for additional types of information to >>>>>>> be included in the response? >>>>>>> >>>>>>> [1] https://app.swaggerhub.com/apis/Maduranga/PersonalInform >>>>>>> ationExport/1.0.0 >>>>>>> [2] Consent Management APIs for IS 5.5.0 >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> -- >>>>>>> Maduranga Siriwardena >>>>>>> Senior Software Engineer >>>>>>> WSO2 Inc; http://wso2.com/ >>>>>>> >>>>>>> Email: madura...@wso2.com >>>>>>> Mobile: +94718990591 <+94%2071%20899%200591> >>>>>>> Blog: *https://madurangasiriwardena.wordpress.com/ >>>>>>> <https://madurangasiriwardena.wordpress.com/>* >>>>>>> <http://wso2.com/signature> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Omindu Rathnaweera >>>>>> Senior Software Engineer, WSO2 Inc. >>>>>> Mobile: +94 771 197 211 <077%20119%207211> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> Architecture@wso2.org >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Hasintha Indrajee >>>>> WSO2, Inc. >>>>> Mobile:+94 771892453 <+94%2077%20189%202453> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> d...@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> >>> >>> >>> -- >>> Hasintha Indrajee >>> WSO2, Inc. >>> Mobile:+94 771892453 <+94%2077%20189%202453> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> d...@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Maduranga Siriwardena >> Senior Software Engineer >> WSO2 Inc; http://wso2.com/ >> >> Email: madura...@wso2.com >> Mobile: +94718990591 <+94%2071%20899%200591> >> Blog: *https://madurangasiriwardena.wordpress.com/ >> <https://madurangasiriwardena.wordpress.com/>* >> <http://wso2.com/signature> >> >> _______________________________________________ >> Dev mailing list >> d...@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > Thanks, > Omindu. > > -- > Omindu Rathnaweera > Senior Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 <+94%2077%20119%207211> > -- Maduranga Siriwardena Senior Software Engineer WSO2 Inc; http://wso2.com/ Email: madura...@wso2.com Mobile: +94718990591 Blog: *https://madurangasiriwardena.wordpress.com/ <https://madurangasiriwardena.wordpress.com/>* <http://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture