[ 
https://issues.apache.org/jira/browse/OAK-6144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16017457#comment-16017457
 ] 

angela commented on OAK-6144:
-----------------------------

[~baedke], but with dynamic group membership, there is no group to remove.

> ExternalIdentity should have a method indicating if an identity is actually 
> active
> ----------------------------------------------------------------------------------
>
>                 Key: OAK-6144
>                 URL: https://issues.apache.org/jira/browse/OAK-6144
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: auth-external
>            Reporter: Manfred Baedke
>            Assignee: Manfred Baedke
>         Attachments: oak-6144-1.patch
>
>
> The interface ExternalIdentityProvider currently offers the method 
> getIdentity(ExternalIdentityRef) to resolve a reference to an external 
> Identity, but there is no way to tell if the external identity is considered 
> active by the identity provider. The ability to resolve the reference doesn't 
> mean that the resulting identity may actually be used for authentication or 
> authorization.
> If ExternaIIdentity isn't able to express this difference, it's hard to come 
> up with a sensible implemenation of e.g. 
> SynchronizationMBean#purgeOrphanedUsers(), because the ability to resolve a 
> reference to an external identity doesn't mean that the corresponding Oak 
> user is still valid.
> A new method ExternalIdentiy#isActive() would allow us to clearly define the 
> notion of an "orphaned user".



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to