Hi Thanuja,

Yes, comparing the pros and cons, I also feel that approach 2 is more suitable.

Thanks,
Maduranga.

On Wed, Dec 7, 2016 at 7:12 AM, Thanuja Jayasinghe <[email protected]> wrote:

> Hi All,
>
> In the IS 6.0.0 Identity Store design we facilitate having multiple user
> domains, each containing one or more identity/credential store connectors.
> Also, the same identity/credential store connector may reside in two
> different domains. So there is a requirement to identify a user uniquely
> throughout the system.
>
> *Approach One*
>
> Calculate unique user id as a combination of domain id and connector wise
> user mappings. Use a signing mechanism to ensure the integrity of the id.
>
> Ex: {domain-id}.{connector-id : connector-user-id}*.{digest-value} =>
> 12.{c1:[email protected]}{c2:78451244}.W4sU2s
>
> Pros:
>
> - Can verify the user without a database call by recalculating the
>   digest value of the id.
> - Can identify the domain and connector wise mapping without a
>   database call if the server received the id.
>
> Cons:
>
> - If a connector is added or removed from the domain, then the unique id
>   will be a different one. So we need to have a constraint there.
> - In a scenario where we have multiple connectors, during a user claim
>   update, some connectors may be added to the id, since when we create a
>   user we may not add attributes to all the connectors.
> - Having a valid unique user id does not guarantee that the user still
>   exists in the system.
> - Unique id may be lengthy.
>
> *Approach Two*
>
> Calculate unique user id as a combination of domain id and a random UUID.
>
> Ex: {domain-id}.{random-uuid} => 12.A1j88KlmSKAl74
>
> Pros:
>
> - Can identify the domain without a database call.
> - Can add or remove connectors without changing the unique user id.
> - User claim update does not affect the unique user id value.
> - Fairly small id compared to approach one.
>
> Cons:
>
> - Need a database call to get the connector mappings.
>
> It feels like approach two is more suitable for the identity store. WDYT?
>
> Thanks,
> Thanuja
>
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992

--
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/
Email: [email protected]
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/
<http://wso2.com/signature>

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
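
The two id schemes compared in this thread, as an added Python example that is not code from the thread or from WSO2. It assumes HMAC-SHA256 as the "signing mechanism" (the thread does not name one); the key, function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import uuid

SECRET = b"constructed-demo-key"  # assumption: a server-side signing key

def _digest(payload: str) -> str:
    """Keyed digest over the id payload (assumed HMAC-SHA256, base64url)."""
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_signed_id(domain_id: int, mappings: dict) -> str:
    """Approach one: {domain-id}.{connector-id:connector-user-id}*.{digest}"""
    body = "".join(f"{{{c}:{u}}}" for c, u in sorted(mappings.items()))
    payload = f"{domain_id}.{body}"
    return f"{payload}.{_digest(payload)}"

def parse_signed_id(user_id: str):
    """Verify and decode with no database call; None if the digest fails.

    A passing check proves integrity only: the user may since have been
    deleted, which is one of the cons listed for approach one.
    """
    payload, _, digest = user_id.rpartition(".")
    expected = _digest(payload)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not payload or not hmac.compare_digest(digest.encode(), expected.encode()):
        return None
    domain, _, body = payload.partition(".")
    return int(domain), dict(re.findall(r"\{([^:{}]+):([^{}]*)\}", body))

def make_random_id(domain_id: int) -> str:
    """Approach two: {domain-id}.{random-uuid}; mappings live in the database."""
    return f"{domain_id}.{uuid.uuid4().hex}"

def domain_of(user_id: str) -> int:
    """Both schemes expose the domain id as the prefix before the first dot."""
    return int(user_id.split(".", 1)[0])

if __name__ == "__main__":
    before = make_signed_id(12, {"c1": "alice@example.com", "c2": "78451244"})
    after = make_signed_id(12, {"c1": "alice@example.com", "c2": "78451244", "c3": "u-9"})
    print(before, parse_signed_id(before))
    print("id changes when a connector is added:", before != after)
    print(make_random_id(12))
```
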
