On Fri, Jul 20, 2018 at 9:08 AM Hasintha Indrajee <hasin...@wso2.com> wrote:
Hi Hasintha,

>
> On Thu, Jul 19, 2018 at 5:45 PM Hasintha Indrajee <hasin...@wso2.com>
> wrote:
>
>> Current behavior of our self sign up page is getting user attributes
>> based on "required" and "mandatory" attributes which are defined against
>> claims. Also certain claims such as first name and last name are anyway
>> taken from the user who is getting registered irrespective of whether they
>> are marked as mandatory or required in respective claims. This seems
>> irrational in certain contexts.
>>
>> We don't have a good control over the attributes which we are getting
>> while self sign up. Secondly we don't have a proper way to validate with
>> purposes PII categories with user given attributes, because we have no
>> connection at all between these two sets.
>>
>> One of the ways to avoid this is, we can ask admins to configure required
>> and mandatory claims with whatever the PIIs defined under self sign up
>> purposes.
>>
>> Instead of that, what about getting required attributes for self sign up
>> from consent purposes defined for self registration under specific tenant
>> ? Mandatory PIIs will be the mandatory user attributes while signing up.
>> The rationale behind this is, if the system stores a certain attribute of a
>> user other than the username and password, the system should get consent of
>> the user and also respective purposes should be shown to the user and
>> should have a valid consent for each attribute under respective purpose.
>> With this new approach, self registration attributes other than username
>> and password will be decided from purposes which are configured for
>> self-registration. With this, it makes sense and makes it possible to validate
>> user input attributes with purposes and mandatory PIIs of purposes.
>> Additionally we have control over user attributes which we should gather
>> while self signing up without depending on claim configurations.
>>
>> In a case if someone doesn't want this new behavior, they can keep using
>> the old behavior. WDYT ?
>>
>
+1 for the approach.

There are three types of self signup stories.

   - No consents required (No signup consents defined)
   - Consent used only in SSO flows (No signup consents defined)
   - Consent used in the signup flow

We need to use the existing signup claims in story 1 and 2.

Is this the same approach we are going to follow in JIT consents? There
might be attributes coming from the federated IDP which are not configured
in the JIT consents purposes.
How do we handle such cases? Are we going to skip those attributes?


Thanks
Isura.


>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
>

-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2 <http://wso2.com/>
*lean.enterprise.middleware*
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
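The validation the proposal describes, sketched as an added illustration (not WSO2 Identity Server code): attributes other than username and password are derived from the purposes configured for self-registration, mandatory PIIs become mandatory fields, every stored attribute needs a valid consent under a purpose that lists it, and with no sign-up purposes configured (stories 1 and 2 above) the existing required/mandatory claim configuration applies. The `Purpose` shape, the `(purpose, PII)` consent tuples and the claim-config dict are assumptions for the example.

```python
# Added example, not WSO2 code: data shapes below are assumptions.
from dataclasses import dataclass, field

CORE = {"username", "password"}  # never subject to consent in either mode


@dataclass
class Purpose:
    name: str
    piis: dict = field(default_factory=dict)  # PII category -> mandatory?


def validate_signup(submitted, purposes, consents, claim_config):
    """Return a list of validation errors (empty list means the sign-up is valid).

    submitted    : attribute -> value entered on the self sign-up page
    purposes     : purposes configured for self-registration in the tenant
    consents     : set of (purpose name, PII category) the user consented to
    claim_config : claim -> {"required": bool, "mandatory": bool} (old behaviour)
    """
    errors = []
    if not purposes:  # stories 1 and 2: fall back to existing sign-up claims
        for claim, flags in claim_config.items():
            if flags.get("mandatory") and not submitted.get(claim):
                errors.append(f"missing mandatory claim: {claim}")
        return errors

    covered = {}  # PII category -> names of purposes that list it
    for p in purposes:
        for pii, mandatory in p.piis.items():
            covered.setdefault(pii, []).append(p.name)
            if mandatory and not submitted.get(pii):
                errors.append(f"missing mandatory PII: {pii} ({p.name})")

    for attr, value in submitted.items():
        if attr in CORE or not value:
            continue
        if attr not in covered:  # nothing would justify storing it
            errors.append(f"attribute not covered by any purpose: {attr}")
        elif not any((p, attr) in consents for p in covered[attr]):
            errors.append(f"no consent for {attr} under {covered[attr]}")
    return errors
```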
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture