Hi,

In Identity Management we have the concept of unique claims, which can only have a unique value within a domain. With the value of a unique claim we can identify a unique user within a domain. While implementing identity management capabilities in the IS-6.0 User Portal we came across the below concerns.

- System can have one or more unique claims.
- All the unique claims don't have to be required claims.
- At least one unique claim has to be a required claim.

For authentication and recovery scenarios we need to have a unique identifier for users. Currently we use the "username" claim. I assume we need to provide the flexibility to change this identifier claim.

1. Do we allow client applications to choose this identifier claim from unique claims?
   - Then the IS will have to accept any of the unique claims as the user identifier in authentication and validate against it.
2. Otherwise should we keep it as a system wide configuration?
3. For the User Portal, we use the 'username' claim as the user identifier. I have noticed we have hard-coded this claim 'http://wso2.org/claims/username'.
   1. I think we need to get this value from a configuration.
   2. Is it OK to keep this as a configuration within the User Portal?
   3. Otherwise where should we keep this?
   4. Will this identifier be username, for User Portal always? Otherwise we need to have the flexibility of changing UI labels according to the identifier without much effort.
4. Should we support authentication and recovery by multiple identifiers (ex: username or email or NIC, each representing an individual unique claim)?

Appreciate your input on this.

Thanks!
-Ayesha

--
Ayesha Dissanayaka
Software Engineer,
WSO2, Inc : http://wso2.com
20, Palmgrove Avenue, Colombo 3
E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
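An added illustration, not part of the original message and not WSO2 Identity Server code: a sketch of the three claim constraints listed above and of what accepting several unique claims as the login identifier involves, including the case where one string is a valid value under two different claims for two different users. The e-mail and NIC claim URIs, the user records and all function names are assumptions made for the example.

```python
USERNAME = "http://wso2.org/claims/username"   # claim URI quoted in the message
EMAIL = "http://wso2.org/claims/emailaddress"  # assumed URI for the example
NIC = "http://wso2.org/claims/nic"             # hypothetical URI for the example

class ConfigError(ValueError): pass
class AmbiguousIdentifier(LookupError): pass

def identifier_claims(claims):
    """Return the unique claims, enforcing the constraints from the message."""
    unique = [uri for uri, c in claims.items() if c["unique"]]
    if not unique:
        raise ConfigError("system needs at least one unique claim")
    if not any(claims[uri]["required"] for uri in unique):
        raise ConfigError("at least one unique claim must be required")
    return unique

def build_index(users, unique_claims):
    """Map (claim, value) -> user id; a repeated value within a claim is an error."""
    index = {}
    for uid, attrs in users.items():
        for uri in unique_claims:
            value = attrs.get(uri)  # a non-required unique claim may be absent
            if value is None:
                continue
            if (uri, value) in index:
                raise ConfigError(f"duplicate value for unique claim {uri}")
            index[(uri, value)] = uid
    return index

def resolve(identifier, index, allowed_claims):
    """Resolve a login identifier against every claim allowed as an identifier."""
    hits = {index[(uri, identifier)] for uri in allowed_claims
            if (uri, identifier) in index}
    if len(hits) > 1:
        # Uniqueness holds per claim, not across claims: the same string can be
        # one user's username and another user's e-mail, so refuse to pick one.
        raise AmbiguousIdentifier(identifier)
    return hits.pop() if hits else None

CLAIMS = {USERNAME: {"unique": True, "required": True},
          EMAIL: {"unique": True, "required": False},
          NIC: {"unique": True, "required": False}}
USERS = {  # constructed sample data
    "u1": {USERNAME: "alice", EMAIL: "alice@example.com"},
    "u2": {USERNAME: "alice@example.com", NIC: "912345678V"},
}
```

With a single system-wide identifier claim, `allowed_claims` has one entry and the ambiguous branch cannot be reached; with several, authentication and recovery both need a defined behaviour for it.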