Hi Akalanka, On Tue, Oct 11, 2016 at 6:09 PM, Kishanthan Thangarajah <[email protected] > wrote:
> Hi Akalanka, > > > On Tue, Oct 11, 2016 at 4:58 PM, Akalanka Pagoda Arachchi < > [email protected]> wrote: > >> Hi All, >> >> We're implementing the Unique User Id concept in C5 User Core. This >> evolved as a requirement with the introduction of the Domain model to the >> User Core. >> >> The user domain model is as follows. >> >> - Users are available in multiple domains. >> - Each domain can contain more than one IdentityStoreConnector. >> - Each connector will have a set of user attributes. >> - A user is an object created by combining all the attributes in >> IdentityStoreConnectors for a domain. >> - Each user attribute from an IdentityStoreConnector maps to a >> specific claim. >> >> When resolving a user, there should be a mapping to identify the same >> user between different connectors. For this purpose we're introducing a >> Unique User Id concept. The idea behind Unique User Id is as follows. >> >> Apart from this Unique ID is a immutable attribute that use has (same as scimID), so user can change any attributes (even user name) but still we should be able to uniquely identify the user with this id within the system. > >> - A Unique User Id will be unique across the User-Core no matter the >> domain the user in. >> >> Are you saying that this ID will be unique across all the domains? > >> >> - This unique Id will be maintained in a database table. >> - The table will contain mapping for the Unique Id to each >> connectors' individual user Id. >> GlobalUniqueId | ConnectorUserId | ConnectorId >> >> > In here, can you also clearly explain the relationship between GlobalUniqueId, > ConnectorUserId and/or UniqueUserId? Because, this will cause confusion as > they all refer as an identifier for the user. > > And how they will be used in resolving a user? > > > >> When retrieving all the Claims for a User, following sequence will be >> followed. >> >> - Get user from primary attribute >> >> Need to explain what is a primary attribute here with an example? Also > how primary attribute is configured at connector level? > >> >> - Get unique user Id from mapping table for that user >> - Find the connector which has the required attribute >> - Get connector specific user Id for the required connector from the >> mapping table >> - Retrieve attribute value from that connector. >> >> A simplified sequence diagram for this flow is as below. >> > > In the below sequence diagram, I think we have missed how the UniqueUserId > is retrieved before calling the UserBuilder.setUniqueUserID. Is that > correct? > > >> >> >> >> >> *Sequence Diagram for getClaim* >> >> One important note on this implementation is that as of the current >> design UserCore will not be responsible for populating the unique user Id >> mapping table. How and where this should be populated is still an open >> discussion. Any suggestions are welcome. >> > > > How many DB/connector level calls that this will have in doing a typical > user retrieval with above suggestion? What will be the performance impact? > Yes definitely we should be careful on the number of IO operation we do in each flows. Since it has a big impact when it comes to Identity server related operations. > > Thanks, > Kishanthan. > >> >> Thanks, >> Akalanka. >> >> >> >> -- >> *Darshana Akalanka Pagoda Arachchi,* >> *Senior Software Engineer, WSO2* >> *+94777118016 <%2B94777118016>* >> > > > > -- > *Kishanthan Thangarajah* > Technical Lead, > Platform Technologies Team, > WSO2, Inc. > lean.enterprise.middleware > > Mobile - +94773426635 > Blog - *http://kishanthan.wordpress.com <http://kishanthan.wordpress.com>* > Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>* > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Ishara Karunarathna Associate Technical Lead WSO2 Inc. - lean . enterprise . middleware | wso2.com email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
