On Sat, Mar 11, 2017 at 11:33 AM, Johann Nallathamby <[email protected]> wrote:
> > > On Sat, Mar 11, 2017 at 8:58 AM, Thanuja Jayasinghe <[email protected]> > wrote: > >> Hi Johann, >> >> We use same "claim management" in SP configuration as well. So these >> attributes will be available for them also. When it comes to "userid", two >> SPs which use same claim configuration can have two different claims. >> > > No. Two SPs can request two different claims as the Subject. But the > unique user identifier claim must be specific to the dialect. E.g. SCIM 2.0 > defines "userName" as the human-friendly unique identifier for the user. > SCIM 2.0 in fact defines the "id" claim also which is a non-human-friendly > unique identifier for a user. Although we don't need to support multiple > unique identifiers we at least need to support one so that it will be the > default subject if user doesn't select any other claim. > So, we also provide the ovridding capability at the SP configuration level? > > >> >> So, to avoid the confusion shall we rename it to something like >> "feduserid"? >> > > If we go by my above explanation this is not required. > > >> >> Thanks, >> >> On Mon, Mar 6, 2017 at 3:09 AM, Johann Nallathamby <[email protected]> >> wrote: >> >>> Hi All, >>> >>> Any foreign dialect that we define using claim management, must have two >>> special attributes indicating the "userid" claim and the "role" claim. >>> >>> "userid" claim is required for use cases like authentication and >>> provisioning. "role" claim is needed for role mapping and access control. >>> >>> In C4 we had this at the IDP configuration level. In C5, since we have >>> extracted all the claim configuration from IDP to "claim management", and >>> just refer to the dialect alone in IDP configuration, we need to identify >>> these two special attributes also in the claim dialect management level. >>> This configuration will be fixed for any real IDP. >>> >>> What are your ideas? >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Technical Lead & Product Lead of WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> >> >> -- >> *Thanuja Lakmal* >> Senior Software Engineer >> WSO2 Inc. http://wso2.com/ >> *lean.enterprise.middleware* >> Mobile: +94715979891 +94758009992 >> > > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Technical Lead & Product Lead of WSO2 Identity Server > Governance Technologies Team > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+94777776950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > -- *Thanuja Lakmal* Senior Software Engineer WSO2 Inc. http://wso2.com/ *lean.enterprise.middleware* Mobile: +94715979891 +94758009992
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
