Hi All,

In the IS 6.0.0 Identity Store design we make it possible to have multiple
user domains, each containing one or more identity/credential store
connectors. Also, the same identity/credential store connector may reside in
two different domains. So there is a requirement to identify a user uniquely
throughout the system.

*Approach One*
Calculate the unique user id as a combination of the domain id and
connector-wise user mappings. Use a signing mechanism to ensure the
integrity of the id.
Ex: {domain-id}.{connector-id : connector-user-id}*.{digest-value} =>
12.{c1:[email protected]}{c2:78451244}.W4sU2s
Pros:
- Can verify the user without a database call by recalculating the
digest value of the id.
- Can identify the domain and connector-wise mapping without a database
call once the server receives the id.
Cons:
- If a connector is added or removed from the domain, then the unique id
will be a different one. So we need to have a constraint there.
- In a scenario where we have multiple connectors, during a user claim
update, some connectors may be added to the id, since when we create a user
we may not add attributes to all the connectors.
- Having a valid unique user id does not guarantee that the user still
exists in the system.
- Unique id may be lengthy.
*Approach Two*
Calculate unique user id as a combination of domain id and a random UUID.
Ex: {domain-id}.{random-uuid} => 12.A1j88KlmSKAl74
Pros:
- Can identify the domain without a database call.
- Can add or remove connectors without changing the unique user id.
- User claim update does not affect the unique user id value.
- Fairly small id compared to approach one.
Cons:
- Need a database call to get the connector mappings.
It feels like approach two is more suitable for the identity store. WDYT?
Thanks,
Thanuja
--
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
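
The two id schemes compared in the e-mail above, as an added Python sketch that is not part of the original message or of WSO2 code. HMAC-SHA256 as the "signing mechanism", the key, the function names and the in-memory mapping table are all assumptions made for illustration.

```python
import hashlib
import hmac
import uuid

# Assumption: a server-side secret key; the e-mail only says "a signing mechanism".
SIGNING_KEY = b"constructed-demo-key"


def _digest(payload: str) -> str:
    # HMAC-SHA256 over "{domain-id}.{mappings}", hex-encoded (no "." in the output).
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_signed_id(domain_id: int, mappings: dict) -> str:
    """Approach one: {domain-id}.{connector-id:connector-user-id}*.{digest-value}"""
    # Sort so the same mapping set always yields the same id.
    body = "".join(f"{{{c}:{u}}}" for c, u in sorted(mappings.items()))
    payload = f"{domain_id}.{body}"
    return f"{payload}.{_digest(payload)}"


def verify_signed_id(user_id: str):
    """Return (domain_id, mappings) if the digest matches, else None. No DB call."""
    payload, sep, digest = user_id.rpartition(".")
    expected = _digest(payload)
    if not sep or not hmac.compare_digest(digest.encode(), expected.encode()):
        return None
    domain, _, body = payload.partition(".")
    # Assumption: connector ids contain no ":" and no value contains "}{".
    pairs = (p.split(":", 1) for p in body[1:-1].split("}{"))
    return int(domain), dict(pairs)


# Approach two: hypothetical in-memory stand-in for the connector-mapping table.
MAPPING_TABLE = {}


def make_random_id(domain_id: int, mappings: dict) -> str:
    """Approach two: {domain-id}.{random-uuid}; mappings live in the store."""
    user_id = f"{domain_id}.{uuid.uuid4().hex}"
    MAPPING_TABLE[user_id] = dict(mappings)
    return user_id


def lookup(user_id: str):
    """The 'database call': None means the user no longer exists."""
    return MAPPING_TABLE.get(user_id)
```

A signed id keeps verifying after the user is deleted and changes whenever the connector set changes, while the random id stays fixed and `lookup` reflects the current mappings and existence.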