On Mon, Feb 20, 2017 at 4:36 PM, Ayesha Dissanayaka <aye...@wso2.com> wrote:
> Hi Johann,
>
> Thanks for the clarification.
>
> On Mon, Feb 20, 2017 at 2:20 PM, Johann Nallathamby <joh...@wso2.com> wrote:
>
>> Password based authentication - yes. Since we take in a password that has very low probability of being the same as that of another user within the domain for the same claim identifier, we can actually allow authentication with any claim - doesn't necessarily have to be unique.
>>
> So, we can choose some claim as the identifier for password based authentication at a time as a configuration in the User Portal.
>

+1

>
>> However for recovery we must identify user uniquely and for that we need to have a set of claims that identify the user uniquely within a domain. Again can we use the attribute profile concept here?
>>
>
> Agreed that we use attribute profile based approach for username recovery.
> For password recovery do we need to follow that approach? Shouldn't this align with whatever the claim users use to authenticate to the system in password based authentication?
> For example, a system may choose to use email claim as login identifier. Then shouldn't we ask for the same identifier at password recovery of that system?
> In that case if we use a claim which is not unique, it will be hard to identify the user for password recovery.
>

So it seems there are two options.

1. Use single unique identifier for authentication and password recovery - if not can't do password recovery
2. Use a profile - similar to username recovery. However authentication and recovery may be using different claims.

For me option 2 looks good if possible. If the claims required is one then it actually converges to option 1.

Regards,
Johann.

>
> Thanks!
> -Ayesha
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
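The two lookups discussed in this thread, as an added example that is not part of the original messages and is not WSO2 Identity Server code: login with a possibly non-unique claim where the password disambiguates, and recovery through a claim profile that must select exactly one user (option 2). All function names and the sample users are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(user_id, password, **claims):
    salt = os.urandom(16)
    return {"id": user_id, "salt": salt,
            "hash": hash_password(password, salt), "claims": claims}

# Constructed sample domain: u1 and u2 share the same "email" claim value.
USERS = [
    make_user("u1", "correct horse", email="team@example.com", mobile="0711111111"),
    make_user("u2", "battery staple", email="team@example.com", mobile="0722222222"),
    make_user("u3", "tr0ub4dor", email="solo@example.com", mobile="0733333333"),
]

def find(users, claims):
    """Return every user whose claims match all supplied claim values."""
    return [u for u in users
            if all(u["claims"].get(k) == v for k, v in claims.items())]

def authenticate(users, claim, value, password):
    """Password login with a possibly non-unique claim identifier."""
    matched = [u for u in find(users, {claim: value})
               if hmac.compare_digest(u["hash"], hash_password(password, u["salt"]))]
    # No match is a failed login. More than one match (same claim value and
    # same password) is ambiguous, so it is refused instead of picking a user.
    return matched[0]["id"] if len(matched) == 1 else None

def recover(users, profile, supplied):
    """Recovery: all profile claims are required and must select exactly one user."""
    if set(supplied) != set(profile):
        return None
    matched = find(users, supplied)
    # Zero and many matches return the same result, so the caller cannot
    # tell from the outcome whether a claim value exists in the domain.
    return matched[0]["id"] if len(matched) == 1 else None
```

With a one-claim profile whose value is unique, `recover` behaves like option 1; with a non-unique claim it returns nothing until the profile is widened.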