Hi Ishara/Darshana, How does this compare with the new provisioning configurations we provide through UI in IS 5.0?
Currently we have capability for service providers to configure which user store they want the users/groups to be provisioned to in Service Provider UI under inbound provisioning configurations. The same thing is also there in the Resident Service Provider configurations. In both places we can skip selecting a user store which is effectively dumb mode. In that case how should this work with the file based configurations? If we haven't thought about it my idea is, 1. If configuration says dumb mode then no service provider should be able to provision to any user store (its a global config that needs to be honoured, we might need to lock the option in the UI). 2. If configuration says non-dumb mode, then service providers can selectively provision to user stores according to their preference (even can do dumb mode by not selecting user store in inbound provisioning UI). Thoughts? Thanks, Johann. On Fri, Jul 11, 2014 at 6:58 PM, Ishara Karunarathna <[email protected]> wrote: > Hi Gayan, > > > On Fri, Jul 11, 2014 at 1:15 AM, Gayan Gunawardana <[email protected]> wrote: > >> Hi Ishara, >> >> Could you please elaborate more about dump mode in SCIMUserManager and >> how the changes should be reflected to dump mode. >> > In dumb mode IS which is configured in dumb mode will act as a > provisioning hub only. It wont store Users or Roles in its user store. > It will re provision these resources to configures SCIM service providers. > > You will configure this in provisioning-config.xml configuration file. > [IS_Home]/repository/conf/ > > Thanks, > -Ishara > > >> Thanks, >> Gayan >> >> >> On Thu, Jul 10, 2014 at 9:20 AM, Gayan Gunawardana <[email protected]> >> wrote: >> >>> Hi, >>> >>> There are around 10 use-cases under [1] here *3.2.2 Modifying with >>> patch*. I have already done first use-case and working on other >>> use-cases as well. >>> >>> [1] >>> http://www.simplecloud.info/specs/draft-scim-api-01.html#edit-resource-with-patch >>> >>> >>> >>> On Wed, Jul 9, 2014 at 11:20 PM, Johann Nallathamby <[email protected]> >>> wrote: >>> >>>> +1. This is a valuable addition to IS. >>>> >>>> >>>> On Wed, Jul 9, 2014 at 11:44 AM, Ishara Karunarathna <[email protected] >>>> > wrote: >>>> >>>>> Hi Gayan, >>>>> >>>>> >>>>> On Tue, Jul 8, 2014 at 10:39 PM, Gayan Gunawardana <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Ishara, >>>>>> >>>>>> Thanks for the information. >>>>>> >>>>>> Are we going to support all use-cases according to [1] ? >>>>>> >>>>>> >>>>> Under User and Group resources mainly we have to implement Patch >>>>> operation and >>>>> there are some improvement in listing and filtering. >>>>> >>>>> I think its better to start with implementing with PATCH operation. >>>>> >>>>> >>>>>> [1] >>>>>> http://www.simplecloud.info/specs/draft-scim-api-01.html#edit-resource-with-patch >>>>>> >>>>>> >>>>>> On Wed, Jul 9, 2014 at 10:39 AM, Ishara Karunarathna < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Gayan, >>>>>>> >>>>>>> >>>>>>> On Tue, Jul 8, 2014 at 9:32 PM, Gayan Gunawardana <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi All, >>>>>>>> >>>>>>>> Currently WSO2 Identity Server does not support PATCH method for >>>>>>>> SCIM end points. >>>>>>>> >>>>>>>> The major limitation came up with that is in order to add single >>>>>>>> user into a group, new user has to be sent with all existing users. >>>>>>>> >>>>>>>> Above requirement can be archived by adding PATCH method support >>>>>>>> for JAX-RS implementation and doing mirror changes to update group >>>>>>>> operation. >>>>>>>> >>>>>>> Yes patch is not only for add users to group and it is more useful >>>>>>> than that. >>>>>>> >>>>>>>> >>>>>>>> But according to the spec [1] PATCH method has many powerful >>>>>>>> features like selectively sending added users and deleted users. >>>>>>>> >>>>>>> Here you are pointing to the the wrong draft API which is not >>>>>>> finalized yet and still its PATCH operation is under discussion. At the >>>>>>> moment >>>>>>> WSO2IS support for SCIM draft API 1.1, So I think its better to >>>>>>> support PATCH operation in draft API 1.1 [1] Until we support for next >>>>>>> version. >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> -Ishara >>>>>>> >>>>>>> [1] >>>>>>> http://www.simplecloud.info/specs/draft-scim-api-01.html#edit-resource-with-patch >>>>>>> >>>>>>> and still WSO2 IS support for draft API 1.1. So you w >>>>>>> Yes patch is not only for add users to group and it is more useful >>>>>>> than that. >>>>>>> >>>>>>>> >>>>>>>> Example >>>>>>>> >>>>>>>> PATCH /Groups/acbf3ae7-8463-4692-b4fd-9b4da3f908ce >>>>>>>> >>>>>>>> { >>>>>>>> "schemas": ["urn:scim:schemas:core:2.0:Group"], >>>>>>>> "members": [ >>>>>>>> { >>>>>>>> "display": "Babs Jensen", >>>>>>>> "$ref": >>>>>>>> "https://example.com/v1/Users/2819c223-7f76-453a-919d-413861904646";, >>>>>>>> "value": "2819c223-7f76-453a-919d-413861904646" >>>>>>>> "operation": "delete" >>>>>>>> }, >>>>>>>> { >>>>>>>> "display": "James Smith", >>>>>>>> "$ref": >>>>>>>> "https://example.com/v1/Users/08e1d05d-121c-4561-8b96-473d93df9210";, >>>>>>>> "value": "08e1d05d-121c-4561-8b96-473d93df9210" >>>>>>>> } >>>>>>>> ] >>>>>>>> } >>>>>>>> >>>>>>>> Current charon [2] implementation does not decode single member >>>>>>>> into member object and rather it sends members id as a String array >>>>>>>> list or >>>>>>>> members display name as a String array list. This is a kind of major >>>>>>>> bottleneck to implement selective delete operation. >>>>>>>> >>>>>>>> Are we going to scope PATCH implementation? >>>>>>>> >>>>>>>> WDYT? >>>>>>>> >>>>>>>> >>>>>>>> [1] http://tools.ietf.org/html/draft-ietf-scim-api-02#section-3.3.2 >>>>>>>> >>>>>>>> [2] https://docs.wso2.com/display/IS500/Working+with+SCIM >>>>>>>> -- >>>>>>>> Gayan Gunawardana >>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>>>> Email: [email protected] >>>>>>>> Mobile: +94 (71) 8020933 >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Ishara Karunarathna >>>>>>> Senior Software Engineer >>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>>> >>>>>>> email: [email protected], blog: isharaaruna.blogspot.com, >>>>>>> mobile: +94 718211678 >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Gayan Gunawardana >>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>> Email: [email protected] >>>>>> Mobile: +94 (71) 8020933 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Ishara Karunarathna >>>>> Senior Software Engineer >>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>> >>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94 >>>>> 718211678 >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> >>>> *Johann Dilantha Nallathamby* >>>> Associate Technical Lead & Product Lead of WSO2 Identity Server >>>> Integration Technologies Team >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - *+94777776950* >>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>> >>> >>> >>> >>> -- >>> Gayan Gunawardana >>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>> Email: [email protected] >>> Mobile: +94 (71) 8020933 >>> >> >> >> >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: [email protected] >> Mobile: +94 (71) 8020933 >> > > > > -- > Ishara Karunarathna > Senior Software Engineer > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94 > 718211678 > -- Thanks & Regards, *Johann Dilantha Nallathamby* Associate Technical Lead & Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
