Re: [Architecture] User-Core Unique User Id Implementation

2016-10-11 Thread Ishara Karunarathna
Hi Akalanka,

On Tue, Oct 11, 2016 at 6:09 PM, Kishanthan Thangarajah  wrote:

> Hi Akalanka,
>
>
> On Tue, Oct 11, 2016 at 4:58 PM, Akalanka Pagoda Arachchi <
> darsha...@wso2.com> wrote:
>
>> Hi All,
>>
>> We're implementing the Unique User Id concept in C5 User Core. This
>> evolved as a requirement with the introduction of the Domain model to the
>> User Core.
>>
>> The user domain model is as follows.
>>
>>    - Users are available in multiple domains.
>>    - Each domain can contain more than one IdentityStoreConnector.
>>    - Each connector will have a set of user attributes.
>>    - A user is an object created by combining all the attributes in
>>    IdentityStoreConnectors for a domain.
>>    - Each user attribute from an IdentityStoreConnector maps to a
>>    specific claim.
>>
>> When resolving a user, there should be a mapping to identify the same
>> user between different connectors. For this purpose we're introducing a
>> Unique User Id concept. The idea behind Unique User Id is as follows.
>>
Apart from this, the Unique ID is an immutable attribute that the user has (same as
scimID), so the user can change any attribute (even the user name) but we
should still be able to uniquely identify the
user with this id within the system.

>
>>    - A Unique User Id will be unique across the User-Core no matter the
>>    domain the user is in.
>>
> Are you saying that this ID will be unique across all the domains?
>
>>
>>    - This unique Id will be maintained in a database table.
>>    - The table will contain mapping for the Unique Id to each
>>    connectors' individual user Id.
>>    GlobalUniqueId | ConnectorUserId | ConnectorId
>>
>>
> In here, can you also clearly explain the relationship between GlobalUniqueId,
> ConnectorUserId and/or UniqueUserId? Because this will cause confusion, as
> they all refer to an identifier for the user.
>
> And how will they be used in resolving a user?
>
>
>
>> When retrieving all the Claims for a User, the following sequence will be
>> followed.
>>
>>    - Get user from primary attribute
>>
> Need to explain what a primary attribute is here, with an example. Also,
> how is the primary attribute configured at connector level?
>
>>
>>    - Get unique user Id from mapping table for that user
>>    - Find the connector which has the required attribute
>>    - Get connector specific user Id for the required connector from the
>>    mapping table
>>    - Retrieve attribute value from that connector.
>>
>> A simplified sequence diagram for this flow is as below.
>>
>
> In the below sequence diagram, I think we have missed how the UniqueUserId
> is retrieved before calling the UserBuilder.setUniqueUserID. Is that
> correct?
>
>
>>
>>
>>
>>
>>  *Sequence Diagram for getClaim*
>>
>> One important note on this implementation is that as of the current
>> design UserCore will not be responsible for populating the unique user Id
>> mapping table. How and where this should be populated is still an open
>> discussion. Any suggestions are welcome.
>>
>
>
> How many DB/connector-level calls will this have in doing a typical
> user retrieval with the above suggestion? What will be the performance impact?
>
Yes, we should definitely be careful about the number of IO operations we do in
each flow, since it has a big impact when it comes to Identity Server
related operations.

>
> Thanks,
> Kishanthan.
>
>>
>> Thanks,
>> Akalanka.
>>
>>
>>
>> --
>> *Darshana Akalanka Pagoda Arachchi,*
>> *Senior Software Engineer, WSO2*
>> *+94777118016*
>>
>
>
>
> --
> *Kishanthan Thangarajah*
> Technical Lead,
> Platform Technologies Team,
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +94773426635
> Blog - http://kishanthan.wordpress.com
> Twitter - http://twitter.com/kishanthan
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


Re: [Architecture] User-Core Unique User Id Implementation

2016-10-11 Thread Kishanthan Thangarajah
Hi Akalanka,


On Tue, Oct 11, 2016 at 4:58 PM, Akalanka Pagoda Arachchi <
darsha...@wso2.com> wrote:

> Hi All,
>
> We're implementing the Unique User Id concept in C5 User Core. This
> evolved as a requirement with the introduction of the Domain model to the
> User Core.
>
> The user domain model is as follows.
>
>    - Users are available in multiple domains.
>    - Each domain can contain more than one IdentityStoreConnector.
>    - Each connector will have a set of user attributes.
>    - A user is an object created by combining all the attributes in
>    IdentityStoreConnectors for a domain.
>    - Each user attribute from an IdentityStoreConnector maps to a
>    specific claim.
>
> When resolving a user, there should be a mapping to identify the same user
> between different connectors. For this purpose we're introducing a Unique
> User Id concept. The idea behind Unique User Id is as follows.
>
>
>    - A Unique User Id will be unique across the User-Core no matter the
>    domain the user is in.
>
Are you saying that this ID will be unique across all the domains?

>
>    - This unique Id will be maintained in a database table.
>    - The table will contain mapping for the Unique Id to each connectors'
>    individual user Id.
>    GlobalUniqueId | ConnectorUserId | ConnectorId
>
>
In here, can you also clearly explain the relationship between GlobalUniqueId,
ConnectorUserId and/or UniqueUserId? Because this will cause confusion, as
they all refer to an identifier for the user.

And how will they be used in resolving a user?



> When retrieving all the Claims for a User, the following sequence will be
> followed.
>
>    - Get user from primary attribute
>
Need to explain what a primary attribute is here, with an example. Also, how
is the primary attribute configured at connector level?

>
>    - Get unique user Id from mapping table for that user
>    - Find the connector which has the required attribute
>    - Get connector specific user Id for the required connector from the
>    mapping table
>    - Retrieve attribute value from that connector.
>
> A simplified sequence diagram for this flow is as below.
>

In the below sequence diagram, I think we have missed how the UniqueUserId
is retrieved before calling the UserBuilder.setUniqueUserID. Is that
correct?


>
>
>
>
>  *Sequence Diagram for getClaim*
>
> One important note on this implementation is that as of the current design
> UserCore will not be responsible for populating the unique user Id mapping
> table. How and where this should be populated is still an open discussion.
> Any suggestions are welcome.
>


How many DB/connector-level calls will this have in doing a typical
user retrieval with the above suggestion? What will be the performance impact?

Thanks,
Kishanthan.

>
> Thanks,
> Akalanka.
>
>
>
> --
> *Darshana Akalanka Pagoda Arachchi,*
> *Senior Software Engineer, WSO2*
> *+94777118016*
>



-- 
*Kishanthan Thangarajah*
Technical Lead,
Platform Technologies Team,
WSO2, Inc.
lean.enterprise.middleware

Mobile - +94773426635
Blog - http://kishanthan.wordpress.com
Twitter - http://twitter.com/kishanthan


[Architecture] User-Core Unique User Id Implementation

2016-10-11 Thread Akalanka Pagoda Arachchi
Hi All,

We're implementing the Unique User Id concept in C5 User Core. This evolved
as a requirement with the introduction of the Domain model to the User Core.

The user domain model is as follows.

   - Users are available in multiple domains.
   - Each domain can contain more than one IdentityStoreConnector.
   - Each connector will have a set of user attributes.
   - A user is an object created by combining all the attributes in
   IdentityStoreConnectors for a domain.
   - Each user attribute from an IdentityStoreConnector maps to a specific
   claim.

When resolving a user, there should be a mapping to identify the same user
between different connectors. For this purpose we're introducing a Unique
User Id concept. The idea behind Unique User Id is as follows.


   - A Unique User Id will be unique across the User-Core no matter the
   domain the user is in.
   - This unique Id will be maintained in a database table.
   - The table will contain mapping for the Unique Id to each connectors'
   individual user Id.
   GlobalUniqueId | ConnectorUserId | ConnectorId

When retrieving all the Claims for a User, the following sequence will be
followed.

   - Get user from primary attribute
   - Get unique user Id from mapping table for that user
   - Find the connector which has the required attribute
   - Get connector specific user Id for the required connector from the
   mapping table
   - Retrieve attribute value from that connector.

A simplified sequence diagram for this flow is as below.


   *Sequence Diagram for getClaim*

One important note on this implementation is that as of the current design
UserCore will not be responsible for populating the unique user Id mapping
table. How and where this should be populated is still an open discussion.
Any suggestions are welcome.

Thanks,
Akalanka.


-- 
*Darshana Akalanka Pagoda Arachchi,*
*Senior Software Engineer, WSO2*
*+94777118016*
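
The five-step claim lookup proposed in this thread, as an added sketch that is not WSO2 User Core code. The `Connector` class, the `id_map` table name, the `attr_home` attribute-to-connector map and the sample users are constructed for illustration; the two constraints keep one connector user from being claimed by two global ids, and the demo also exercises the rename case and counts connector calls.

```python
import sqlite3
import uuid

class Connector:  # constructed in-memory stand-in for an IdentityStoreConnector
    def __init__(self, users):
        self.users, self.calls = users, 0  # users: {connector_user_id: {attr: value}}
    def find_user(self, attr, value):
        self.calls += 1
        return next((u for u, a in self.users.items() if a.get(attr) == value), None)
    def get_attribute(self, user_id, attr):
        self.calls += 1
        return self.users[user_id][attr]

def make_mapping_table():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE id_map (
        global_unique_id  TEXT NOT NULL,
        connector_user_id TEXT NOT NULL,
        connector_id      TEXT NOT NULL,
        PRIMARY KEY (connector_id, connector_user_id),  -- connector user -> one global id
        UNIQUE (global_unique_id, connector_id))""")
    return db

def get_claim(db, connectors, attr_home, primary, value, wanted):
    local_id = connectors[primary[0]].find_user(primary[1], value)  # 1. user from primary attribute
    row = db.execute("SELECT global_unique_id FROM id_map WHERE connector_id=?"
                     " AND connector_user_id=?", (primary[0], local_id)).fetchone()  # 2. unique id
    if row is None:
        raise LookupError("user has no entry in the mapping table")
    target = attr_home[wanted]  # 3. connector that holds the required attribute
    target_id = db.execute("SELECT connector_user_id FROM id_map WHERE global_unique_id=?"
                           " AND connector_id=?", (row[0], target)).fetchone()[0]  # 4. its local id
    return row[0], connectors[target].get_attribute(target_id, wanted)  # 5. read the value

def demo():
    db, guid = make_mapping_table(), str(uuid.uuid4())
    ldap = Connector({"uid=101": {"username": "alice"}})
    hrdb = Connector({"E-77": {"email": "alice@example.org"}})
    db.executemany("INSERT INTO id_map VALUES (?,?,?)",
                   [(guid, "uid=101", "ldap"), (guid, "E-77", "hrdb")])
    args = (db, {"ldap": ldap, "hrdb": hrdb}, {"email": "hrdb"}, ("ldap", "username"))
    before = get_claim(*args, "alice", "email")
    ldap.users["uid=101"]["username"] = "alice.k"  # rename: the global id must not change
    after = get_claim(*args, "alice.k", "email")
    try:  # a second global id must not be able to claim the same connector user
        db.execute("INSERT INTO id_map VALUES (?,?,?)", (str(uuid.uuid4()), "E-77", "hrdb"))
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    return guid, before, after, rejected, ldap.calls + hrdb.calls
```

In this sketch each claim read costs two connector calls plus two mapping-table queries, which is the per-lookup overhead the replies ask about.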