On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> wrote:
> Hi Malaka.
>
> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote:
>
>> Hi Ishara,
>>
>> I guess the subject is a bit misleading. What we are trying to achieve
>> here is to put common functionalities used by all / most of the IS
>> extensions.
>>
>> For example, we have done an improvement to TOTP to support multi tenancy.
>> This logic is built into TOTP and that is wrong. So we are planning to
>> have these in this module.
>>
> I think here you are trying to implement a utility component to be used in
> authenticators.
>
yes
>
>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]>
>> wrote:
>>
>>> Hi Kathees,
>>>
>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I am working on creating a common extension framework for IS
>>>> authenticators.
>>>>
>>> Can you explain more on this? What is the existing problem and how it's
>>> going to fix this framework.
>>>
>>> At the moment we have an authentication framework where we mainly handle
>>> the authentication related operations, and authenticators are one of the
>>> connectors that can be plugged in to the authentication framework.
>>> So why do we need another framework for authenticators?
>>>
>>> And I think the following items are also more specific to authenticators
>>> and I don't think we can use them in all authenticators.
>>>
>>> Thanks,
>>> Ishara
>>>
>>>> In the extension common framework, I am planning to add the following
>>>> features which can be reused in authenticators.
>>>>
>>>> - Federated authenticator support - Currently, the two-factor
>>>>   authenticator supports the basic authenticator in the first step, and
>>>>   federated authentication in the first factor is supported only in the
>>>>   TOTP authenticator. I am planning to add this federated authenticator
>>>>   support in the common framework so we can reuse it in all two-factor
>>>>   authenticators.
>>>>
>>>> - Account Lock/Unlock - Currently, we don't have any limit for
>>>>   applying the code in two-factor authenticator authentication. I am
>>>>   planning to add Lock a user account functionality [1] when a
>>>>   configurable number of applying code attempts is exceeded in the
>>>>   second step of authentication.
>>>>
>>>> - Alternative authentication steps
>>>>
>>>>   Backup Phone no - Add a backup phone so the user can still sign in
>>>>   if the user loses the phone, and add an alternative step as backup
>>>>   phone no.
>>>>   Backup codes - These printable one-off pass codes allow you to sign
>>>>   in when away from your phone, like when you’re traveling.
>>>>   Currently we have similar functionality in the SMS OTP authenticator.
>>>>   We will move it to the IS authenticator common framework, which can be
>>>>   used in other authenticators.
>>>>
>>> Is this specific to an authenticator?
>>
> Yes, I think the above listed stuff is specific to each authenticator.
> For example, if you think of the alternative authentication step, that
> alternative mechanism should have some relation with the configured
> authenticators.
> Actually it should not be a functionality of the authenticator; this is
> something we should implement by introducing policy-based dynamic
> authentication flows. Then we should be able to configure authenticators,
> alternative authenticators, security levels etc. with a policy.
>
>>>> - HOTP and TOTP algorithm based code generation - We can reuse OTP
>>>>   code generation in SMS [2] and Email OTP [3], TOTP [4] authenticators.
>>>>
>>>> Supporting multi tenancy should be added.
>>
> Normally we associate an authenticator to an SP in a given tenant, so do we
> need to handle tenancy at an authenticator level?
>
No issues is how can we keep configuration bound to a tenant in local authenticators. E.g. keep configs for the super tenant in a local file and per tenant in the registry.
>
> Thanks,
> Ishara
>
>> Please let me know if you have any concerns.
>>>>
>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>
>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>
>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>
>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>
>>>> Thanks,
>>>> Kathees
>>>>
>>>> --
>>>> Kathees
>>>> Software Engineer,
>>>> email: [email protected]
>>>> mobile: +94772596173
>>>>
>>>
>>> --
>>> Ishara Karunarathna
>>> Associate Technical Lead
>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>
>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>>

--
Best Regards,

Malaka Silva
Senior Technical Lead
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/
<http://wso2.com/about/team/malaka-silva/>
https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
