Hi Kathees, Did we release this? If not please update once done..
On Sat, Oct 8, 2016 at 6:51 AM, Malaka Silva <[email protected]> wrote: > My understanding here is what we try to do here is getting generic methods > (Utils) to a common module. Nothing more. > > Dynamic sequence is something that should be supported from IS product > framework in the future. > > On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna <[email protected]> > wrote: > >> This is kind of dynamic sequence bases on different factors like per user >> , per group , right ? >> Do you guys have concrete plan for this ? Then shall we discuss this >> design before jump to the code ? >> >> *Harsha Thirimanna* >> Associate Tech Lead | WSO2 >> >> Email: [email protected] >> Mob: +94715186770 >> Blog: http://harshathirimanna.blogspot.com/ >> Twitter: http://twitter.com/harshathirimann >> Linked-In: linked-in: http://www.linkedin.com/pub/ha >> rsha-thirimanna/10/ab8/122 >> <http://wso2.com/signature> >> >> On Fri, Oct 7, 2016 at 12:10 PM, Kathees Rajendram <[email protected]> >> wrote: >> >>> Thanks for the comments and suggestions. >>> >>> The subject may be mislead. We need to create a utility component with >>> common use cases. Basically we are providing generalized component and the >>> common use cases are applicable for most of authenticators. >>> >>> As you said, alternative authentication flow is not in authenticator >>> level and a use case for IS framework is, if we configure a >>> authenticator flow for particular SP, that will be applicable for all >>> users. Based on the user role or the policy, we need to have the a >>> authentication access model. For example:- For particular user group, we >>> need to enable two factor authenticator (Basic + SMS OTP), for other user >>> group, we need to have Basic + other factor (Basic + RSA or Token2) and >>> for some other user group, we need basic or social login. This should be >>> configurable. >>> >>> We are building common use cases for the authenticators [1]. Please add >>> if anything, we can include in authentication level. >>> >>> [1] - https://store.wso2.com/store/assets/isconnector/list >>> >>> Thanks, >>> Kathees >>> >>> On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]> >>> wrote: >>> >>>> Hi Malaka. >>>> >>>> On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote: >>>> >>>>> >>>>> >>>>> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected] >>>>> > wrote: >>>>> >>>>>> Hi Malaka. >>>>>> >>>>>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote: >>>>>> >>>>>>> Hi Ishara, >>>>>>> >>>>>>> I guess the subject is bit misleading. What we are trying to achieve >>>>>>> here is to put common functionalities used by all / most of the IS >>>>>>> extensions. >>>>>>> >>>>>>> For example we have done a improvement to totp to support multi >>>>>>> tenancy. These logic's are built into totp and that is wrong. So we are >>>>>>> planning to have these in this module. >>>>>>> >>>>>> I think here you are trying to implement utility component to be used >>>>>> in authenticates. >>>>>> >>>>> yes >>>>> >>>>> >>>> Then +1 for have utility component with common usecases. >>>> >>>>> >>>>>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi kathees, >>>>>>>> >>>>>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> I am working on creating common extension framework for IS >>>>>>>>> authenticators. >>>>>>>>> >>>>>>>> Can you explain more on this. What is the existing problem and how >>>>>>>> its going to fix this framework. >>>>>>>> >>>>>>>> At the moment we have authentication framework where we mainly >>>>>>>> handle the authentication related operations and Authenticators >>>>>>>> are one of the connectors that can be plugged in to authentication >>>>>>>> framework. >>>>>>>> So why do we need another framework for authenticates. >>>>>>>> >>>>>>>> And I think following items also more specific to authenticates and >>>>>>>> I don't think we can use them in all authenticates. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Ishara >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> In extension common framework, I am planing to add the following >>>>>>>>> features which can be reused in authenticators. >>>>>>>>> >>>>>>>>> - Federated authenticator support - Currently, two-factor >>>>>>>>> authenticator supports basic authenticator in the first step and >>>>>>>>> federated >>>>>>>>> authentication in first factor supports only in TOTP >>>>>>>>> authenticator. I am >>>>>>>>> planing to add this federated authenticator support in common >>>>>>>>> framework so >>>>>>>>> we can reuse in all two factor authenticators. >>>>>>>>> >>>>>>>>> >>>>>>>>> - Account Lock/Unlock - Currently, we don't have any limit >>>>>>>>> for applying the code in two factor authenticator authentication. >>>>>>>>> I am >>>>>>>>> planing to add Lock a user account functionality [1] when >>>>>>>>> configurable >>>>>>>>> number of applying code attempts are exceeded in second step of >>>>>>>>> authentication. >>>>>>>>> >>>>>>>>> >>>>>>>>> - Alternative authentication steps >>>>>>>>> >>>>>>>>> Backup Phone no - Add backup phone so user can still >>>>>>>>> sign in if user lose phone and add alternative step as backup phone >>>>>>>>> no. >>>>>>>>> Backup codes - These printable one-off pass codes >>>>>>>>> allow you to sign in when away from your phone, like when you’re >>>>>>>>> traveling. >>>>>>>>> Currently We have similar >>>>>>>>> functionality in SMS OTP authenticator,We will move to IS >>>>>>>>> authenticator >>>>>>>>> common framework which can be used in other authenticators. >>>>>>>>> >>>>>>>> Is this specific to a authinticator? >>>>>>> >>>>>>> >>>>>>> >>>>>> Yes I think above listed stuff are specific to each authenticators. >>>>>> For example if you think of Alternative authentication step, That >>>>>> alternative mechanism should have some relation with the >>>>>> the configured authenticators. >>>>>> Actually if should not be a functionality of the authenticator this >>>>>> is something we should implement introducing policy base >>>>>> dynamic authentication flows. Then we should be able to configures >>>>>> authenticates, alternative authenticates, Security levels etc. >>>>>> with a policy. >>>>>> >>>>>>> >>>>>>>>> - HOTP and TOTP algorithm based code generation - We can reuse >>>>>>>>> OTP code generation in SMS [2] and Email OTP [3], TOTP [4] >>>>>>>>> authenticators. >>>>>>>>> >>>>>>>>> >>>>>>>>> Supporting muti tenancy should be added. >>>>>>> >>>>>>> >>>>>> Normally we associate an authenticator to a SP in a given tenant so >>>>>> do we need to handle tenancy in a authenticator level ? >>>>>> >>>>> No issues is how can we keep configuration bound to a tenant in local >>>>> authinticators. >>>>> >>>>> Eg:- Keep configs for the super teanant in local file and per tenant >>>>> in registry. >>>>> >>>> Yes this is some thing you can put in to your component. And better to >>>> put general requirements only to that. >>>> >>>> -Ishara >>>> >>>>> >>>>>> Thanks, >>>>>> Ishara >>>>>> >>>>>> >>>>>>> Please let me know if you have any concerns. >>>>>>>>> >>>>>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and >>>>>>>>> +Account+Disabling >>>>>>>>> >>>>>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOT >>>>>>>>> P+Authenticator >>>>>>>>> >>>>>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Email >>>>>>>>> OTP+Authenticator >>>>>>>>> >>>>>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOT >>>>>>>>> P+Authenticator >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Kathees >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Kathees >>>>>>>>> Software Engineer, >>>>>>>>> email: [email protected] >>>>>>>>> mobile: +94772596173 >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Architecture mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Ishara Karunarathna >>>>>>>> Associate Technical Lead >>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>>>> >>>>>>>> email: [email protected], blog: isharaaruna.blogspot.com, >>>>>>>> mobile: +94717996791 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Architecture mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Best Regards, >>>>>>> >>>>>>> Malaka Silva >>>>>>> Senior Technical Lead >>>>>>> M: +94 777 219 791 >>>>>>> Tel : 94 11 214 5345 >>>>>>> Fax :94 11 2145300 >>>>>>> Skype : malaka.sampath.silva >>>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 >>>>>>> Blog : http://mrmalakasilva.blogspot.com/ >>>>>>> >>>>>>> WSO2, Inc. >>>>>>> lean . enterprise . middleware >>>>>>> https://wso2.com/signature >>>>>>> http://www.wso2.com/about/team/malaka-silva/ >>>>>>> <http://wso2.com/about/team/malaka-silva/> >>>>>>> https://store.wso2.com/store/ >>>>>>> >>>>>>> Don't make Trees rare, we should keep them with care >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Architecture mailing list >>>>>>> [email protected] >>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Ishara Karunarathna >>>>>> Associate Technical Lead >>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>> >>>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>>>> +94717996791 >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Best Regards, >>>>> >>>>> Malaka Silva >>>>> Senior Technical Lead >>>>> M: +94 777 219 791 >>>>> Tel : 94 11 214 5345 >>>>> Fax :94 11 2145300 >>>>> Skype : malaka.sampath.silva >>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 >>>>> Blog : http://mrmalakasilva.blogspot.com/ >>>>> >>>>> WSO2, Inc. >>>>> lean . enterprise . middleware >>>>> https://wso2.com/signature >>>>> http://www.wso2.com/about/team/malaka-silva/ >>>>> <http://wso2.com/about/team/malaka-silva/> >>>>> https://store.wso2.com/store/ >>>>> >>>>> Don't make Trees rare, we should keep them with care >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Ishara Karunarathna >>>> Associate Technical Lead >>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>> >>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>> +94717996791 >>>> >>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Kathees >>> Software Engineer, >>> email: [email protected] >>> mobile: +94772596173 >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > > Best Regards, > > Malaka Silva > Senior Technical Lead > M: +94 777 219 791 > Tel : 94 11 214 5345 > Fax :94 11 2145300 > Skype : malaka.sampath.silva > LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 > Blog : http://mrmalakasilva.blogspot.com/ > > WSO2, Inc. > lean . enterprise . middleware > https://wso2.com/signature > http://www.wso2.com/about/team/malaka-silva/ > <http://wso2.com/about/team/malaka-silva/> > https://store.wso2.com/store/ > > Don't make Trees rare, we should keep them with care > -- Best Regards, Malaka Silva Senior Technical Lead M: +94 777 219 791 Tel : 94 11 214 5345 Fax :94 11 2145300 Skype : malaka.sampath.silva LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 Blog : http://mrmalakasilva.blogspot.com/ WSO2, Inc. lean . enterprise . middleware https://wso2.com/signature http://www.wso2.com/about/team/malaka-silva/ <http://wso2.com/about/team/malaka-silva/> https://store.wso2.com/store/ Don't make Trees rare, we should keep them with care
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
