Hi Malaka. On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote:
> Hi Ishara, > > I guess the subject is bit misleading. What we are trying to achieve > here is to put common functionalities used by all / most of the IS > extensions. > > For example we have done a improvement to totp to support multi tenancy. > These logic's are built into totp and that is wrong. So we are planning to > have these in this module. > I think here you are trying to implement utility component to be used in authenticates. > > On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> > wrote: > >> Hi kathees, >> >> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> >> wrote: >> >>> Hi All, >>> >>> I am working on creating common extension framework for IS >>> authenticators. >>> >> Can you explain more on this. What is the existing problem and how its >> going to fix this framework. >> >> At the moment we have authentication framework where we mainly handle the >> authentication related operations and Authenticators >> are one of the connectors that can be plugged in to authentication >> framework. >> So why do we need another framework for authenticates. >> >> And I think following items also more specific to authenticates and I >> don't think we can use them in all authenticates. >> >> Thanks, >> Ishara >> >> >> >>> >>> In extension common framework, I am planing to add the following >>> features which can be reused in authenticators. >>> >>> - Federated authenticator support - Currently, two-factor >>> authenticator supports basic authenticator in the first step and >>> federated >>> authentication in first factor supports only in TOTP authenticator. I am >>> planing to add this federated authenticator support in common framework >>> so >>> we can reuse in all two factor authenticators. >>> >>> >>> - Account Lock/Unlock - Currently, we don't have any limit for >>> applying the code in two factor authenticator authentication. I am >>> planing >>> to add Lock a user account functionality [1] when configurable number of >>> applying code attempts are exceeded in second step of authentication. >>> >>> >>> - Alternative authentication steps >>> >>> Backup Phone no - Add backup phone so user can still sign >>> in if user lose phone and add alternative step as backup phone no. >>> Backup codes - These printable one-off pass codes allow >>> you to sign in when away from your phone, like when you’re traveling. >>> Currently We have similar >>> functionality in SMS OTP authenticator,We will move to IS authenticator >>> common framework which can be used in other authenticators. >>> >> Is this specific to a authinticator? > > > Yes I think above listed stuff are specific to each authenticators. For example if you think of Alternative authentication step, That alternative mechanism should have some relation with the the configured authenticators. Actually if should not be a functionality of the authenticator this is something we should implement introducing policy base dynamic authentication flows. Then we should be able to configures authenticates, alternative authenticates, Security levels etc. with a policy. > >>> - HOTP and TOTP algorithm based code generation - We can reuse OTP >>> code generation in SMS [2] and Email OTP [3], TOTP [4] authenticators. >>> >>> >>> Supporting muti tenancy should be added. > > Normally we associate an authenticator to a SP in a given tenant so do we need to handle tenancy in a authenticator level ? Thanks, Ishara > Please let me know if you have any concerns. >>> >>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and >>> +Account+Disabling >>> >>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOT >>> P+Authenticator >>> >>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Email >>> OTP+Authenticator >>> >>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOT >>> P+Authenticator >>> >>> Thanks, >>> Kathees >>> >>> -- >>> Kathees >>> Software Engineer, >>> email: [email protected] >>> mobile: +94772596173 >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Ishara Karunarathna >> Associate Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > > Best Regards, > > Malaka Silva > Senior Technical Lead > M: +94 777 219 791 > Tel : 94 11 214 5345 > Fax :94 11 2145300 > Skype : malaka.sampath.silva > LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 > Blog : http://mrmalakasilva.blogspot.com/ > > WSO2, Inc. > lean . enterprise . middleware > https://wso2.com/signature > http://www.wso2.com/about/team/malaka-silva/ > <http://wso2.com/about/team/malaka-silva/> > https://store.wso2.com/store/ > > Don't make Trees rare, we should keep them with care > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Ishara Karunarathna Associate Technical Lead WSO2 Inc. - lean . enterprise . middleware | wso2.com email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
