Re: [Dev] [IS 6.0.0] [SCIM 2.0] SCIM meta attributes directly get connected to User object

2017-03-06 Thread Maduranga Siriwardena 
Hi Indunil,

IDM_USER table does not create a single entry for a single user. Rather it
will have an entry to map the user details in each connector for a single
user. As an example if there is one credential store connector and one
identity store connector there will be 2 entries for a single user in
IDM_USER. So with the current architecture, you will find it difficult to
achieve your goal.

@Thanuja, any thoughts?

Thanks,

On Tue, Feb 28, 2017 at 11:28 PM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:

> hi,
>
> As per the SCIM 2.0 Core specification (Refer [1]), there are *resource
> meta attributes such as resourceType, created, lastModified, location and
> version* which are Common Attributes for all the resources.
> As in the specification: "*Each SCIM resource (Users, Groups, etc.)
> includes the following common attributes.  With the exception of the
> "ServiceProviderConfig" and "ResourceType" server discovery endpoints and
> their associated resources, these attributes MUST be defined for all
> resources, including any extended resource types.*".
>
> Currently the SCIM meta attributes of a user, saved in the
> "UM_USER_ATTRIBUTES" table with the other user attributes. We are planning
> to move all the SCIM meta attributes to "IDM_USER" table([2]) and make it
> part of User, basically this is to have performance improvements when
> querying for list users(in list users need only to return meta data unless
> client specifically asks for other attributes) etc.
>
> But is it correct to move the meta attributes to "IDM_USER" table, since
> those are common attributes which are not directly related to the "User"
> Resource Schema?
>
> Appreciate your idea on this.
>
> [1] https://tools.ietf.org/html/rfc7643#section-3.1
> [2] https://github.com/wso2/carbon-identity-mgt/blob/
> master/feature/org.wso2.carbon.identity.mgt.feature/
> resources/dbscripts/identity-mgt/h2.sql#L21
>
> Thanks and Regards
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Emailindu...@wso2.com
> Mobile   0772182255
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS 6.0.0] [SCIM 2.0] SCIM meta attributes directly get connected to User object

2017-03-01 Thread Johann Nallathamby 
On Wed, Mar 1, 2017 at 12:21 PM, Maduranga Siriwardena 
wrote:

> Hi All,
>
> So what we previously thought was it is just another attribute of a user
> or a group and don't need any special treatment. That's why we followed
> this model and added them to UM_USER_ATTRIBUTES in connector. So if this
> helps with a performance improvement or if this model has any issue, you
> have change the model related to IDM_USER tables to accommodate this.
>

I am not saying it should be part of the same table we have. If we need to
normalize it I understand that it may go to a separate table and we may
have to do a join in order to get the full user object; in which case we
may loose some performance. Still I think its logical to have it in our
internal tables rather than the identity store. Having it in the identity
store will drastically impact performance compared to join of two tables
because it is two JDBC calls or one JDBC and one LDAP call.

Having it in the identity store can be an option; similar to how Isura
designed it for the state value - we always keep the state value in the
IDM_USER table, but user has the option to update the state value in the
identity store if it supports that attribute through a lifecycle executor
in addition to the filed that we maintain. For all internal functionality
we only depend on the field that we maintain in out tables.


> Thanks,
>
> On Wed, Mar 1, 2017 at 10:58 AM, Ruwan Abeykoon  wrote:
>
>> Hi All,
>> With the explanation which is provided by Maduranga, yes, none of the
>> meta attributes can go to IDM_USER.
>>
>>
>> Cheers,
>> Ruwan
>>
>>
>> On Wed, Mar 1, 2017 at 9:53 PM, Maduranga Siriwardena > > wrote:
>>
>>> Hi Indunil,
>>>
>>> IDM_USER table does not create a single entry for a single user. Rather
>>> it will have an entry to map the user details in each connector for a
>>> single user. As an example if there is one credential store connector and
>>> one identity store connector there will be 2 entries for a single user in
>>> IDM_USER. So with the current architecture, you will find it difficult to
>>> achieve your goal.
>>>
>>> @Thanuja, any thoughts?
>>>
>>> Thanks,
>>>
>>> On Tue, Feb 28, 2017 at 11:28 PM, Indunil Upeksha Rathnayake <
>>> indu...@wso2.com> wrote:
>>>
 hi,

 As per the SCIM 2.0 Core specification (Refer [1]), there are *resource
 meta attributes such as resourceType, created, lastModified, location and
 version* which are Common Attributes for all the resources.
 As in the specification: "*Each SCIM resource (Users, Groups, etc.)
 includes the following common attributes.  With the exception of the
 "ServiceProviderConfig" and "ResourceType" server discovery endpoints and
 their associated resources, these attributes MUST be defined for all
 resources, including any extended resource types.*".

 Currently the SCIM meta attributes of a user, saved in the
 "UM_USER_ATTRIBUTES" table with the other user attributes. We are planning
 to move all the SCIM meta attributes to "IDM_USER" table([2]) and make it
 part of User, basically this is to have performance improvements when
 querying for list users(in list users need only to return meta data unless
 client specifically asks for other attributes) etc.

 But is it correct to move the meta attributes to "IDM_USER" table,
 since those are common attributes which are not directly related to the
 "User" Resource Schema?

 Appreciate your idea on this.

 [1] https://tools.ietf.org/html/rfc7643#section-3.1
 [2] https://github.com/wso2/carbon-identity-mgt/blob/master/feat
 ure/org.wso2.carbon.identity.mgt.feature/resources/dbscripts
 /identity-mgt/h2.sql#L21

 Thanks and Regards
 --
 Indunil Upeksha Rathnayake
 Software Engineer | WSO2 Inc
 Emailindu...@wso2.com
 Mobile   0772182255

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Maduranga Siriwardena
>>> Software Engineer
>>> WSO2 Inc; http://wso2.com/
>>>
>>> Email: madura...@wso2.com
>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>> Blog: http://madurangasblogs.blogspot.com/
>>> 
>>>
>>
>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect**,*
>> *WSO2, Inc. http://wso2.com  *
>> *lean.enterprise.middleware.*
>>
>>
>
>
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591 <+94%2071%20899%200591>
> Blog: http://madurangasblogs.blogspot.com/
> 
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *

Re: [Dev] [IS 6.0.0] [SCIM 2.0] SCIM meta attributes directly get connected to User object

2017-03-01 Thread Johann Nallathamby 
On Wed, Mar 1, 2017 at 2:12 AM, Gayan Gunawardana  wrote:

>
>
> On Wed, Mar 1, 2017 at 10:58 AM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> hi,
>>
>> As per the SCIM 2.0 Core specification (Refer [1]), there are *resource
>> meta attributes such as resourceType, created, lastModified, location and
>> version* which are Common Attributes for all the resources.
>> As in the specification: "*Each SCIM resource (Users, Groups, etc.)
>> includes the following common attributes.  With the exception of the
>> "ServiceProviderConfig" and "ResourceType" server discovery endpoints and
>> their associated resources, these attributes MUST be defined for all
>> resources, including any extended resource types.*".
>>
>> Currently the SCIM meta attributes of a user, saved in the
>> "UM_USER_ATTRIBUTES" table with the other user attributes. We are planning
>> to move all the SCIM meta attributes to "IDM_USER" table([2]) and make it
>> part of User, basically this is to have performance improvements when
>> querying for list users(in list users need only to return meta data unless
>> client specifically asks for other attributes) etc.
>>
> @Johann
> Is there any other advantage than performance improvement ?
>

More than looking at it as performance improvement, I would look at it as
an inherent part of the user object. There can't exist a user object
without filling the metadata attributes. Therefore it is only logical to
store it along the global UUID in IDM_USER table. Performance improvement
is just a added benefit we get. I didn't look at it from the POV of
performance initially. I looked at it and thought it makes sense to have it
in IDM_USER even if we forget about performance improvement.

>
>> But is it correct to move the meta attributes to "IDM_USER" table, since
>> those are common attributes which are not directly related to the "User"
>> Resource Schema?
>>
>
>> Appreciate your idea on this.
>>
> +1 I think we need to do same for IDM_GROUP table as well.
>
>>
>> [1] https://tools.ietf.org/html/rfc7643#section-3.1
>> [2] https://github.com/wso2/carbon-identity-mgt/blob/master/
>> feature/org.wso2.carbon.identity.mgt.feature/resources
>> /dbscripts/identity-mgt/h2.sql#L21
>>
>> Thanks and Regards
>> --
>> Indunil Upeksha Rathnayake
>> Software Engineer | WSO2 Inc
>> Emailindu...@wso2.com
>> Mobile   0772182255
>>
>
>
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [IS 6.0.0] [SCIM 2.0] SCIM meta attributes directly get connected to User object

2017-03-01 Thread Indunil Upeksha Rathnayake 
hi,

As per the SCIM 2.0 Core specification (Refer [1]), there are *resource
meta attributes such as resourceType, created, lastModified, location and
version* which are Common Attributes for all the resources.
As in the specification: "*Each SCIM resource (Users, Groups, etc.)
includes the following common attributes.  With the exception of the
"ServiceProviderConfig" and "ResourceType" server discovery endpoints and
their associated resources, these attributes MUST be defined for all
resources, including any extended resource types.*".

Currently the SCIM meta attributes of a user, saved in the
"UM_USER_ATTRIBUTES" table with the other user attributes. We are planning
to move all the SCIM meta attributes to "IDM_USER" table([2]) and make it
part of User, basically this is to have performance improvements when
querying for list users(in list users need only to return meta data unless
client specifically asks for other attributes) etc.

But is it correct to move the meta attributes to "IDM_USER" table, since
those are common attributes which are not directly related to the "User"
Resource Schema?

Appreciate your idea on this.

[1] https://tools.ietf.org/html/rfc7643#section-3.1
[2]
https://github.com/wso2/carbon-identity-mgt/blob/master/feature/org.wso2.carbon.identity.mgt.feature/resources/dbscripts/identity-mgt/h2.sql#L21

Thanks and Regards
-- 
Indunil Upeksha Rathnayake
Software Engineer | WSO2 Inc
Emailindu...@wso2.com
Mobile   0772182255
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev