[ https://issues.apache.org/jira/browse/OAK-6144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16029533#comment-16029533 ]
angela commented on OAK-6144:
-----------------------------

[~baedke], please make sure you mention the right angela in your comments.

regarding your comment
{quote}
Of course, consumers under our control, like DynamicSyncContext and DefaultSyncContext, should do just that.
{quote}
that statement is ambiguous since you made 2 statements above. what 'that' are you referring to?

[~tripod], i am opposed to skipping the baseline plugin for changes like that. we change the contract and we have to do that properly. if that results in changing the exported major version, that's what it needs to be.

> ExternalIdentity should have a method indicating if an identity is actually active
> ----------------------------------------------------------------------------------
>
>                 Key: OAK-6144
>                 URL: https://issues.apache.org/jira/browse/OAK-6144
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: auth-external
>            Reporter: Manfred Baedke
>            Assignee: Manfred Baedke
>         Attachments: oak-6144-1.patch
>
>
> The interface ExternalIdentityProvider currently offers the method
> getIdentity(ExternalIdentityRef) to resolve a reference to an external
> Identity, but there is no way to tell if the external identity is considered
> active by the identity provider. The ability to resolve the reference doesn't
> mean that the resulting identity may actually be used for authentication or
> authorization.
> If ExternalIdentity isn't able to express this difference, it's hard to come
> up with a sensible implementation of e.g.
> SynchronizationMBean#purgeOrphanedUsers(), because the ability to resolve a
> reference to an external identity doesn't mean that the corresponding Oak
> user is still valid.
> A new method ExternalIdentity#isActive() would allow us to clearly define the
> notion of an "orphaned user".

--
This message was sent by Atlassian JIRA (v6.3.15#6346)