On Sun, Feb 5, 2017 at 9:41 AM, Gayan Gunawardana <[email protected]> wrote:
> Hi All, > > Conclusion is avoid adding multiple users with same user name from SCIM > [1]. > According to *Unique Attribute *concept Ishara mentioned even though user > core support, having multiple users with same user name we should not do > that. > > If we duplicate username even in user core level there are some other > consequences as well like revoking access tokens for given user will fail. > I don't think. We will store access tokens against the immutable UUID of the user. So duplicate username or modifiable username is not a problem in this case. > > Username can be changed but *must not* duplicate. > Which can be the case for SCIM level, but doesn't need to be the case in identity.mgt level. > > > [1] https://wso2.org/jira/browse/IDENTITY-5698 > > Thanks, > Gayan > > On Fri, Feb 3, 2017 at 2:49 PM, Johann Nallathamby <[email protected]> > wrote: > >> >> >> On Fri, Feb 3, 2017 at 9:42 AM, Farasath Ahamed <[email protected]> >> wrote: >> >>> IIRC, Our plan in C5 was to use the SCIM API for user signup, user >>> provisioning etc. >>> >>> So if the username is a special attribute in SCIM while user core can >>> accommodate duplicate usernames(ie. username need not be unique), when we >>> use SCIM API in the product won't there be a mismatch? >>> >> >> I don't think there will be a issue. Our identity-mgt implementation is >> the lower layer while SCIM is the higher layer. If higher layer is more >> restrictive than lower layer it won't be an issue. Other way around would >> be a issue. >> >> >>> >>> >>> Farasath Ahamed >>> Software Engineer, WSO2 Inc.; http://wso2.com >>> Mobile: +94777603866 >>> Blog: blog.farazath.com >>> Twitter: @farazath619 <https://twitter.com/farazath619> >>> <http://wso2.com/signature> >>> >>> >>> >>> On Thu, Feb 2, 2017 at 7:41 PM, Gayan Gunawardana <[email protected]> >>> wrote: >>> >>>> >>>> >>>> On Fri, Feb 3, 2017 at 8:29 AM, Johann Nallathamby <[email protected]> >>>> wrote: >>>> >>>>> In our identity-mgt level we don't treat username as a special >>>>> attribute. It's just another attribute. However in certain higher levels >>>>> we >>>>> may need to treat username as a special attribute. We do have a claim for >>>>> username which I think is "http://wso2.org/claim/username";. We can >>>>> treat this claim as the username in higher level implementations. >>>>> >>>>> On Fri, Feb 3, 2017 at 4:12 AM, Chamila Wijayarathna < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Gayan, >>>>>> >>>>>> If we can add multiple users with same user name, why do we need to >>>>>> avoid adding multiple users in SCIM? I don't get the point here. >>>>>> >>>>>> If we consider two users with same username as two entities in server >>>>>> level, it won't be a duplicate resource creation IMO, it will be two >>>>>> different resources with same username. >>>>>> >>>>> >>>>> I guess what Gayan means is in SCIM 2.0 username is a special >>>>> attribute and we can't have two users with same username attribute. It is >>>>> a >>>>> specification of SCIM 2.0. >>>>> >>>> Yes exactly. There should be a way to identify duplicate resource in >>>> the context of SCIM. For user resource it is user name. >>>> >>>>> >>>>>> Regards! >>>>>> >>>>>> On Fri, Feb 3, 2017 at 5:52 AM, Gayan Gunawardana <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> In C4 user name was an unique identifier and we returned http >>>>>>> response 409 (Conflict) if user name already exist [1]. In C5 user name >>>>>>> is >>>>>>> just an another claim and we can add multiple users with same user name. >>>>>>> IMO we should check isUserExist in SCIM level and avoid adding >>>>>>> multiple users with same user name. >>>>>>> >>>>>>> WDYT ? >>>>>>> >>>>>>> [1] https://tools.ietf.org/html/rfc7644#section-3.12 >>>>>>> >>>>>>> Thanks, >>>>>>> Gayan >>>>>>> >>>>>>> -- >>>>>>> Gayan Gunawardana >>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>>> Email: [email protected] >>>>>>> Mobile: +94 (71) 8020933 >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> [email protected] >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Chamila Dilshan Wijayarathna, >>>>>> PhD Research Student >>>>>> The University of New South Wales (UNSW Canberra) >>>>>> Australian Centre for Cyber Security >>>>>> Australian Defence Force Academy >>>>>> PO Box 7916, Canberra BA ACT 2610 >>>>>> Australia >>>>>> Mobile:(+61)416895795 <+61%20416%20895%20795> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> >>>>> *Johann Dilantha Nallathamby* >>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>> Governance Technologies Team >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - *+94777776950* >>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Gayan Gunawardana >>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>> Email: [email protected] >>>> Mobile: +94 (71) 8020933 >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Technical Lead & Product Lead of WSO2 Identity Server >> Governance Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 > -- Thanks & Regards, *Johann Dilantha Nallathamby* Technical Lead & Product Lead of WSO2 Identity Server Governance Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
