Hi,

In Identity Management we have the concept of unique claims which can only
have a unique value within a domain.
With the value of a unique claim we can identify a unique user within a
domain. While implementing identity management capabilities in IS-6.0 User
portal we came across the below concerns.

   - System can have one or more unique claims.
   - All the unique claims don't have to be required claims.
   - At least one unique claim has to be required claim.

For authentication and recovery scenarios we need to have a unique
identifier for users. Currently we use "username" claim. I assume we need
to provide the flexibility to change this identifier claim.

   1. Do we allow client applications to choose this identifier claim from
   unique claims?
      - Then the IS will have to accept any of the unique claims as the
      user identifier in authentication and validate against it.
   2. Otherwise should we keep it as a system wide configuration?
   3. For the User Portal, we use 'username' claim as the user identifier.
   I have noticed we have hard-coded this claim
   'http://wso2.org/claims/username'.
      1. I think we need to get this value from a configuration.
      2. Is it OK to keep this as a configuration within the User Portal?
      3. Otherwise where should we keep this?
      4. Will this identifier be username, for User portal always?
      Otherwise we need to have the flexibility of changing UI labels according
      to the identifier without much effort.
   4. Should we support authentication and recovery by multiple identifiers
   (ex: username or email or NIC, each representing an individual unique
   claim)?

Appreciate your input on this.

Thanks!
-Ayesha

-- 
*Ayesha Dissanayaka*
Software Engineer,
WSO2, Inc : http://wso2.com
20, Palmgrove Avenue, Colombo 3
E-Mail: aye...@wso2.com <ayshsa...@gmail.com>