My understanding is that what we are trying to do here is get generic methods (Utils) into a common module. Nothing more.
Dynamic sequence is something that should be supported from IS product framework in the future.

On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna <[email protected]> wrote:

> This is kind of dynamic sequence based on different factors like per user, per group, right?
> Do you guys have a concrete plan for this? Then shall we discuss this design before jumping to the code?
>
> *Harsha Thirimanna*
> Associate Tech Lead | WSO2
>
> Email: [email protected]
> Mob: +94715186770
> Blog: http://harshathirimanna.blogspot.com/
> Twitter: http://twitter.com/harshathirimann
> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
> <http://wso2.com/signature>
>
> On Fri, Oct 7, 2016 at 12:10 PM, Kathees Rajendram <[email protected]> wrote:
>
>> Thanks for the comments and suggestions.
>>
>> The subject may be misleading. We need to create a utility component with common use cases. Basically we are providing a generalized component, and the common use cases are applicable for most of the authenticators.
>>
>> As you said, alternative authentication flow is not at authenticator level, and a use case for IS framework is, if we configure an authenticator flow for a particular SP, that will be applicable for all users. Based on the user role or the policy, we need to have an authentication access model. For example: for a particular user group, we need to enable two factor authenticator (Basic + SMS OTP), for another user group, we need to have Basic + other factor (Basic + RSA or Token2) and for some other user group, we need basic or social login. This should be configurable.
>>
>> We are building common use cases for the authenticators [1]. Please add if anything, we can include in authentication level.
>>
>> [1] - https://store.wso2.com/store/assets/isconnector/list
>>
>> Thanks,
>> Kathees
>>
>> On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]> wrote:
>>
>>> Hi Malaka.
>>>
>>> On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote:
>>>
>>>> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>
>>>>> Hi Malaka.
>>>>>
>>>>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote:
>>>>>
>>>>>> Hi Ishara,
>>>>>>
>>>>>> I guess the subject is a bit misleading. What we are trying to achieve here is to put common functionalities used by all / most of the IS extensions.
>>>>>>
>>>>>> For example we have done an improvement to TOTP to support multi tenancy. This logic is built into TOTP and that is wrong. So we are planning to have these in this module.
>>>>>>
>>>>> I think here you are trying to implement a utility component to be used in authenticators.
>>>>>
>>>> yes
>>>>
>>> Then +1 for having a utility component with common use cases.
>>>
>>>>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Kathees,
>>>>>>>
>>>>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I am working on creating a common extension framework for IS authenticators.
>>>>>>>>
>>>>>>> Can you explain more on this? What is the existing problem and how is this framework going to fix it?
>>>>>>>
>>>>>>> At the moment we have the authentication framework where we mainly handle the authentication related operations, and authenticators are one of the connectors that can be plugged in to the authentication framework.
>>>>>>> So why do we need another framework for authenticators?
>>>>>>>
>>>>>>> And I think the following items are also more specific to authenticators and I don't think we can use them in all authenticators.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ishara
>>>>>>>
>>>>>>>>
>>>>>>>> In the extension common framework, I am planning to add the following features which can be reused in authenticators.
>>>>>>>>
>>>>>>>> - Federated authenticator support - Currently, two-factor authenticator supports basic authenticator in the first step, and federated authentication in the first factor is supported only in TOTP authenticator. I am planning to add this federated authenticator support in the common framework so we can reuse it in all two factor authenticators.
>>>>>>>>
>>>>>>>> - Account Lock/Unlock - Currently, we don't have any limit for applying the code in two factor authenticator authentication. I am planning to add Lock a user account functionality [1] when a configurable number of applying code attempts is exceeded in the second step of authentication.
>>>>>>>>
>>>>>>>> - Alternative authentication steps
>>>>>>>>
>>>>>>>>   Backup Phone no - Add backup phone so user can still sign in if user loses phone, and add alternative step as backup phone no.
>>>>>>>>   Backup codes - These printable one-off pass codes allow you to sign in when away from your phone, like when you’re traveling.
>>>>>>>>   Currently we have similar functionality in SMS OTP authenticator, we will move it to IS authenticator common framework which can be used in other authenticators.
>>>>>>>>
>>>>>>> Is this specific to an authenticator?
>>>>>>
>>>>> Yes I think the above listed stuff is specific to each authenticator.
>>>>> For example if you think of Alternative authentication step, that alternative mechanism should have some relation with the configured authenticators.
>>>>> Actually it should not be a functionality of the authenticator; this is something we should implement by introducing policy based dynamic authentication flows. Then we should be able to configure authenticators, alternative authenticators, security levels etc. with a policy.
>>>>>
>>>>>>>> - HOTP and TOTP algorithm based code generation - We can reuse OTP code generation in SMS [2] and Email OTP [3], TOTP [4] authenticators.
>>>>>>>>
>>>>>>>> Supporting multi tenancy should be added.
>>>>>>
>>>>> Normally we associate an authenticator to an SP in a given tenant, so do we need to handle tenancy at an authenticator level?
>>>>>
>>>> No issues is how can we keep configuration bound to a tenant in local authenticators.
>>>>
>>>> Eg:- Keep configs for the super tenant in local file and per tenant in registry.
>>>>
>>> Yes this is something you can put in to your component. And better to put general requirements only to that.
>>>
>>> -Ishara
>>>
>>>>> Thanks,
>>>>> Ishara
>>>>>
>>>>>> Please let me know if you have any concerns.
>>>>>>>>
>>>>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>>>>>
>>>>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>>>>>
>>>>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>>>>>
>>>>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Kathees
>>>>>>>>
>>>>>>>> --
>>>>>>>> Kathees
>>>>>>>> Software Engineer,
>>>>>>>> email: [email protected]
>>>>>>>> mobile: +94772596173
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Architecture mailing list
>>>>>>>> [email protected]
>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>
>>>>>>> --
>>>>>>> Ishara Karunarathna
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>>>
>>>>>>> email: [email protected], blog: isharaaruna.blogspot.com,
>>>>>>> mobile: +94717996791
>>>>>>>
>>>>>> --
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>> Malaka Silva
>>>>>> Senior Technical Lead
>>>>>> M: +94 777 219 791
>>>>>> Tel : 94 11 214 5345
>>>>>> Fax :94 11 2145300
>>>>>> Skype : malaka.sampath.silva
>>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>>>
>>>>>> WSO2, Inc.
>>>>>> lean . enterprise . middleware
>>>>>> https://wso2.com/signature
>>>>>> http://www.wso2.com/about/team/malaka-silva/
>>>>>> <http://wso2.com/about/team/malaka-silva/>
>>>>>> https://store.wso2.com/store/
>>>>>>
>>>>>> Don't make Trees rare, we should keep them with care
>>>>>>

--

Best Regards,

Malaka Silva
Senior Technical Lead
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/
<http://wso2.com/about/team/malaka-silva/>
https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
