Thanks for the comments and suggestions. The subject may be mislead. We need to create a utility component with common use cases. Basically we are providing generalized component and the common use cases are applicable for most of authenticators.
As you said, alternative authentication flow is not in authenticator level and a use case for IS framework is, if we configure a authenticator flow for particular SP, that will be applicable for all users. Based on the user role or the policy, we need to have the a authentication access model. For example:- For particular user group, we need to enable two factor authenticator (Basic + SMS OTP), for other user group, we need to have Basic + other factor (Basic + RSA or Token2) and for some other user group, we need basic or social login. This should be configurable. We are building common use cases for the authenticators [1]. Please add if anything, we can include in authentication level. [1] - https://store.wso2.com/store/assets/isconnector/list Thanks, Kathees On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]> wrote: > Hi Malaka. > > On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote: > >> >> >> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> >> wrote: >> >>> Hi Malaka. >>> >>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote: >>> >>>> Hi Ishara, >>>> >>>> I guess the subject is bit misleading. What we are trying to achieve >>>> here is to put common functionalities used by all / most of the IS >>>> extensions. >>>> >>>> For example we have done a improvement to totp to support multi >>>> tenancy. These logic's are built into totp and that is wrong. So we are >>>> planning to have these in this module. >>>> >>> I think here you are trying to implement utility component to be used in >>> authenticates. >>> >> yes >> >> > Then +1 for have utility component with common usecases. > >> >>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> >>>> wrote: >>>> >>>>> Hi kathees, >>>>> >>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> I am working on creating common extension framework for IS >>>>>> authenticators. >>>>>> >>>>> Can you explain more on this. What is the existing problem and how its >>>>> going to fix this framework. >>>>> >>>>> At the moment we have authentication framework where we mainly handle >>>>> the authentication related operations and Authenticators >>>>> are one of the connectors that can be plugged in to authentication >>>>> framework. >>>>> So why do we need another framework for authenticates. >>>>> >>>>> And I think following items also more specific to authenticates and I >>>>> don't think we can use them in all authenticates. >>>>> >>>>> Thanks, >>>>> Ishara >>>>> >>>>> >>>>> >>>>>> >>>>>> In extension common framework, I am planing to add the following >>>>>> features which can be reused in authenticators. >>>>>> >>>>>> - Federated authenticator support - Currently, two-factor >>>>>> authenticator supports basic authenticator in the first step and >>>>>> federated >>>>>> authentication in first factor supports only in TOTP authenticator. I >>>>>> am >>>>>> planing to add this federated authenticator support in common >>>>>> framework so >>>>>> we can reuse in all two factor authenticators. >>>>>> >>>>>> >>>>>> - Account Lock/Unlock - Currently, we don't have any limit for >>>>>> applying the code in two factor authenticator authentication. I am >>>>>> planing >>>>>> to add Lock a user account functionality [1] when configurable number >>>>>> of >>>>>> applying code attempts are exceeded in second step of authentication. >>>>>> >>>>>> >>>>>> - Alternative authentication steps >>>>>> >>>>>> Backup Phone no - Add backup phone so user can still >>>>>> sign in if user lose phone and add alternative step as backup phone no. >>>>>> Backup codes - These printable one-off pass codes allow >>>>>> you to sign in when away from your phone, like when you’re traveling. >>>>>> Currently We have similar >>>>>> functionality in SMS OTP authenticator,We will move to IS authenticator >>>>>> common framework which can be used in other authenticators. >>>>>> >>>>> Is this specific to a authinticator? >>>> >>>> >>>> >>> Yes I think above listed stuff are specific to each authenticators. >>> For example if you think of Alternative authentication step, That >>> alternative mechanism should have some relation with the >>> the configured authenticators. >>> Actually if should not be a functionality of the authenticator this is >>> something we should implement introducing policy base >>> dynamic authentication flows. Then we should be able to configures >>> authenticates, alternative authenticates, Security levels etc. >>> with a policy. >>> >>>> >>>>>> - HOTP and TOTP algorithm based code generation - We can reuse >>>>>> OTP code generation in SMS [2] and Email OTP [3], TOTP [4] >>>>>> authenticators. >>>>>> >>>>>> >>>>>> Supporting muti tenancy should be added. >>>> >>>> >>> Normally we associate an authenticator to a SP in a given tenant so do >>> we need to handle tenancy in a authenticator level ? >>> >> No issues is how can we keep configuration bound to a tenant in local >> authinticators. >> >> Eg:- Keep configs for the super teanant in local file and per tenant in >> registry. >> > Yes this is some thing you can put in to your component. And better to put > general requirements only to that. > > -Ishara > >> >>> Thanks, >>> Ishara >>> >>> >>>> Please let me know if you have any concerns. >>>>>> >>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and >>>>>> +Account+Disabling >>>>>> >>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOT >>>>>> P+Authenticator >>>>>> >>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Email >>>>>> OTP+Authenticator >>>>>> >>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOT >>>>>> P+Authenticator >>>>>> >>>>>> Thanks, >>>>>> Kathees >>>>>> >>>>>> -- >>>>>> Kathees >>>>>> Software Engineer, >>>>>> email: [email protected] >>>>>> mobile: +94772596173 >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Ishara Karunarathna >>>>> Associate Technical Lead >>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>> >>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>>> +94717996791 >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> Best Regards, >>>> >>>> Malaka Silva >>>> Senior Technical Lead >>>> M: +94 777 219 791 >>>> Tel : 94 11 214 5345 >>>> Fax :94 11 2145300 >>>> Skype : malaka.sampath.silva >>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 >>>> Blog : http://mrmalakasilva.blogspot.com/ >>>> >>>> WSO2, Inc. >>>> lean . enterprise . middleware >>>> https://wso2.com/signature >>>> http://www.wso2.com/about/team/malaka-silva/ >>>> <http://wso2.com/about/team/malaka-silva/> >>>> https://store.wso2.com/store/ >>>> >>>> Don't make Trees rare, we should keep them with care >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Ishara Karunarathna >>> Associate Technical Lead >>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> >>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>> +94717996791 >>> >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> >> Best Regards, >> >> Malaka Silva >> Senior Technical Lead >> M: +94 777 219 791 >> Tel : 94 11 214 5345 >> Fax :94 11 2145300 >> Skype : malaka.sampath.silva >> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 >> Blog : http://mrmalakasilva.blogspot.com/ >> >> WSO2, Inc. >> lean . enterprise . middleware >> https://wso2.com/signature >> http://www.wso2.com/about/team/malaka-silva/ >> <http://wso2.com/about/team/malaka-silva/> >> https://store.wso2.com/store/ >> >> Don't make Trees rare, we should keep them with care >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Ishara Karunarathna > Associate Technical Lead > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: [email protected], blog: isharaaruna.blogspot.com, mobile: > +94717996791 > > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Kathees Software Engineer, email: [email protected] mobile: +94772596173
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
