Hi Malaka.

On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote:
>
> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> wrote:
>
>> Hi Malaka.
>>
>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote:
>>
>>> Hi Ishara,
>>>
>>> I guess the subject is a bit misleading. What we are trying to achieve here is to put common functionalities used by all / most of the IS extensions.
>>>
>>> For example we have done an improvement to TOTP to support multi tenancy. This logic is built into TOTP and that is wrong. So we are planning to have these in this module.
>>>
>> I think here you are trying to implement a utility component to be used in authenticators.
>>
> yes
>
Then +1 for having a utility component with common use cases.

>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> wrote:
>>>
>>>> Hi Kathees,
>>>>
>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I am working on creating a common extension framework for IS authenticators.
>>>>>
>>>> Can you explain more on this. What is the existing problem and how its going to fix this framework.
>>>>
>>>> At the moment we have the authentication framework where we mainly handle the authentication related operations, and authenticators are one of the connectors that can be plugged in to the authentication framework.
>>>> So why do we need another framework for authenticators.
>>>>
>>>> And I think the following items are also more specific to authenticators and I don't think we can use them in all authenticators.
>>>>
>>>> Thanks,
>>>> Ishara
>>>>
>>>>>
>>>>> In the extension common framework, I am planning to add the following features which can be reused in authenticators.
>>>>>
>>>>> - Federated authenticator support - Currently, two-factor authenticator supports basic authenticator in the first step and federated authentication in first factor supports only in TOTP authenticator. I am planning to add this federated authenticator support in the common framework so we can reuse it in all two factor authenticators.
>>>>>
>>>>> - Account Lock/Unlock - Currently, we don't have any limit for applying the code in two factor authenticator authentication. I am planning to add Lock a user account functionality [1] when a configurable number of applying code attempts are exceeded in the second step of authentication.
>>>>>
>>>>> - Alternative authentication steps
>>>>>
>>>>>   Backup Phone no - Add backup phone so user can still sign in if user loses phone and add alternative step as backup phone no.
>>>>>   Backup codes - These printable one-off pass codes allow you to sign in when away from your phone, like when you’re traveling. Currently we have similar functionality in SMS OTP authenticator. We will move it to the IS authenticator common framework so it can be used in other authenticators.
>>>>>
>>>> Is this specific to an authenticator?
>>>
>> Yes, I think the above listed stuff is specific to each authenticator.
>> For example if you think of the Alternative authentication step, that alternative mechanism should have some relation with the configured authenticators.
>> Actually it should not be a functionality of the authenticator; this is something we should implement by introducing policy based dynamic authentication flows. Then we should be able to configure authenticators, alternative authenticators, security levels etc. with a policy.
>>
>>>
>>>>> - HOTP and TOTP algorithm based code generation - We can reuse OTP code generation in SMS [2] and Email OTP [3], TOTP [4] authenticators.
>>>>>
>>>>> Supporting multi tenancy should be added.
>>>
>> Normally we associate an authenticator to a SP in a given tenant, so do we need to handle tenancy at an authenticator level?
>>
> No issues is how can we keep configuration bound to a tenant in local authenticators.
>
> Eg:- Keep configs for the super tenant in a local file and per tenant in the registry.
>
Yes, this is something you can put into your component. And better to put general requirements only to that.

-Ishara

>> Thanks,
>> Ishara
>>
>>> Please let me know if you have any concerns.
>>>>>
>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>>
>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>>
>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>>
>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>
>>>>> Thanks,
>>>>> Kathees
>>>>>
>>>>> --
>>>>> Kathees
>>>>> Software Engineer,
>>>>> email: [email protected]
>>>>> mobile: +94772596173
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> [email protected]
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>
>>>> --
>>>> Ishara Karunarathna
>>>> Associate Technical Lead
>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>
>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>>>
>>>
>>> --
>>>
>>> Best Regards,
>>>
>>> Malaka Silva
>>> Senior Technical Lead
>>> M: +94 777 219 791
>>> Tel : 94 11 214 5345
>>> Fax :94 11 2145300
>>> Skype : malaka.sampath.silva
>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>> Blog : http://mrmalakasilva.blogspot.com/
>>>
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> https://wso2.com/signature
>>> http://www.wso2.com/about/team/malaka-silva/ <http://wso2.com/about/team/malaka-silva/>
>>> https://store.wso2.com/store/
>>>
>>> Don't make Trees rare, we should keep them with care
>>>

--
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com

email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
