Hi all, On Thu, Apr 28, 2016 at 12:08 PM, Malithi Edirisinghe <malit...@wso2.com> wrote:
> > Hi All, > > I'm working on supporting user information recovery scenarios in IS user > portal [1]. > > While discussing on the user aspects of password recovery with security > questions, with UX team we came across the below concern. > > 1. Should we view all of the security questions chosen by the user, from > each question set, in the same page > > 2. Should we view the question chosen from each question set in a separate > page, and make the user to go page by page answering each question > > If we chose option (1) we should be able to verify user answers for all > the questions in a one step. If all are answered properly we will let the > user to proceed, or else we will notify the user that he has not correctly > answered to one or more, in the next page. > If we chose option (2) in each step we will verify the user's answer to > the question prompted. If the first one is properly answered prompt the > second question and let him to proceed similarly or else break the flow. > > However, with information recovery service implementation at IS , we can > only support option (2) at the moment. > But, as it seems most of the sites opt for option (1). > > Yes. In the currently implementation we can support only option 2. When we are desiging Identity Management Java API s for IS 5.3.0 release, it is better to support java API for both of above scenarios. Thanks Isura We would like to clarify on which option we should proceed with. Also, > would like to clarify on any security concerns with regard to above options. > > Appreciate your thoughts. > > > [1] https://wso2.org/jira/browse/IDENTITY-3300 > > Thanks, > Malithi. > -- > > *Malithi Edirisinghe* > Senior Software Engineer > WSO2 Inc. > > Mobile : +94 (0) 718176807 > malit...@wso2.com > -- Isura Dilhara Karunaratne Senior Software Engineer Mob +94 772 254 810
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
