On Fri, Apr 18, 2014 at 6:20 PM, Chan <[email protected]> wrote:

> On Fri, Apr 18, 2014 at 5:58 PM, Amila Maha Arachchi <[email protected]> wrote:
>
>> On Fri, Apr 18, 2014 at 5:54 PM, Chan <[email protected]> wrote:
>>
>>> Hi Sumedha/Dmitry,
>>> In this scenario - is the user going to authenticate himself first to be
>>> able to see the organizations? Why I am asking is because in EMM - the
>>> Android Agent has a user login. We need to know whether there is a security
>>> issue in showing the user the available organizations as tenants for
>>> unauthenticated users.
>>>
>>
>> Yes, the user has to be logged in to see the organisations he/she is
>> associated with (we are doing it that way)
>>
>
> How are you guys doing this? Is it by authenticating to all the tenant
> user-store or showing all the available tenants to the user?
>

We have a flat user base in LDAP. Tenants are created as ou in LDAP. Users are added to these tenants. Authentication is done against the flat user base. Then we check which tenants this user is associated with and display them.

We haven't implemented the scenario where a tenant has a separate user-store. We were planning to distinguish such users based on the tenant domain and authenticate against their user store. I cannot further comment on implementation details because this is not done yet.

>
>> . Otherwise, it is an issue to show the available organisations/tenants
>> for users who are not signed in.
>>
>>> Cheers~
>>>
>>> On Fri, Apr 18, 2014 at 10:09 AM, Sumedha Kodithuwakku <[email protected]> wrote:
>>>
>>>> [Adding to Architecture]
>>>>
>>>> On Fri, Apr 18, 2014 at 12:37 AM, Dmitry Sotnikov <[email protected]> wrote:
>>>>
>>>>> Sumedha,
>>>>>
>>>>> +1 on all three cases.
>>>>>
>>>>> Dmitry
>>>>>
>>>>> On Thu, Apr 17, 2014 at 10:25 AM, Sumedha Kodithuwakku <[email protected]> wrote:
>>>>>
>>>>>> Hi Dmitry,
>>>>>>
>>>>>> In the new model user can be a member of several organizations.
>>>>>> Therefore there can be three situations as follows;
>>>>>>
>>>>>> I have assumed the approach we should take in each case. Please
>>>>>> clarify whether they are correct or not.
>>>>>>
>>>>>> *Case 1: User is a member of more than one Organization*
>>>>>>
>>>>>> User will be given the option of selecting the desired Organization.
>>>>>> Once he signs in, there will be an Organization management page where user
>>>>>> can modify/add new Organizations. Therefore in the organization selection
>>>>>> page there won't be a way to add a new organization.
>>>>>>
>>>>>> *Case 2: User is a member only in one organization*
>>>>>>
>>>>>> User will be signed in directly to that Organization. Once he signs in
>>>>>> there will be an Organization management page where user can modify/add
>>>>>> new Organizations.
>>>>>>
>>>>>> *Case 3: User is not a member of any Organization*
>>>>>>
>>>>>> User should be redirected to a page where he can add a new organization
>>>>>> and then sign in the user into that organization. This page can be the
>>>>>> same as above.
>>>>>>
>>>>>> Thanks
>>>>>> SumedhaS
>>>>>>
>>>>>> --
>>>>>> *Sumedha Kodithuwakku*
>>>>>> Software Engineer
>>>>>> WSO2 Inc. : wso2.com
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>> Email: [email protected]; Mobile: +94 71 808 1124
>>>>>> Blog: http://sumedhask.blogspot.com/
>>>>>>
>>>>>
>>>>> --
>>>>> Dmitry Sotnikov
>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/
>>>>> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov
>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> <http://wso2.com/events/>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>
>>> --
>>> Chan (Dulitha Wijewantha)
>>> Software Engineer - Mobile Development
>>> WSO2Mobile
>>> Lean.Enterprise.Mobileware
>>> * ~Email [email protected] <[email protected]>*
>>> * ~Mobile +94712112165 <%2B94712112165>*
>>> * ~Website dulitha.me <http://dulitha.me>*
>>> * ~Twitter @dulitharw <https://twitter.com/dulitharw>*
>>> *~Github @dulichan <https://github.com/dulichan>*
>>> *~SO @chan <http://stackoverflow.com/users/813471/chan>*
>>>
>>
>> --
>> *Amila Maharachchi*
>> Senior Technical Lead
>> WSO2, Inc.; http://wso2.com
>>
>> Blog: http://maharachchi.blogspot.com
>> Mobile: +94719371446
>>
>

--
*Amila Maharachchi*
Senior Technical Lead
WSO2, Inc.; http://wso2.com

Blog: http://maharachchi.blogspot.com
Mobile: +94719371446
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
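
The flow described in the thread above (authenticate against the flat user base, look up tenant membership, then branch on the three cases), as an added example that is not part of the original thread and is not WSO2 code. The in-memory `USERS` and `TENANT_MEMBERS` tables stand in for the LDAP user base and the tenant `ou` entries; every account, tenant domain and route string is constructed for illustration. It goes slightly beyond the thread by also returning the same failure for an unknown user and a wrong password.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample data standing in for the flat LDAP user base.
USERS = {uid: _record(pw) for uid, pw in
         [("alice", "a-pass"), ("bob", "b-pass"), ("carol", "c-pass")]}

# Constructed tenant "ou" membership: tenant domain -> member uids.
TENANT_MEMBERS = {
    "acme.example": {"alice", "bob"},
    "globex.example": {"alice"},
}

# Hashed against when the uid is unknown, so both failure paths do the same work.
_DUMMY = _record("dummy")

def authenticate(uid, password):
    """Check credentials against the flat user base only; no tenant is involved."""
    salt, expected = USERS.get(uid, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    return matches and uid in USERS

def tenants_for(uid):
    """Tenant lookup; call only for an already authenticated uid."""
    return sorted(t for t, members in TENANT_MEMBERS.items() if uid in members)

def login(uid, password):
    """Return (route, tenants). Tenant names are disclosed only after authentication."""
    if not authenticate(uid, password):
        # Identical answer for unknown user and wrong password; no tenant data.
        return "login_failed", []
    tenants = tenants_for(uid)
    if len(tenants) > 1:
        return "select_organization", tenants       # Case 1: user picks one
    if len(tenants) == 1:
        return "signed_in:" + tenants[0], tenants   # Case 2: direct sign-in
    return "create_organization", []                # Case 3: no organization yet
```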
