On Fri, Mar 24, 2017 at 3:25 PM, Sagara Gunathunga <[email protected]> wrote:

>
>
> On Wed, Mar 8, 2017 at 12:51 AM, Johann Nallathamby <[email protected]>
> wrote:
>
>>
>>
>> On Tue, Mar 7, 2017 at 9:43 AM, Ishara Karunarathna <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> In SCIM, domain is used to represent the whole administrative
>>> provisioning system. So I don't think the domain discussed in the spec
>>> directly maps to the domain concept we have.
>>>
>>> In the spec, when defining the tenants, they have the option to use the
>>> tenant domain as a path parameter or sub-domain.
>>>
>>> A URL prefix: "https://www.example.com/Tenants/{tenant_id}/v2/Users".
>>> A sub-domain: "https://{tenant_id}.example.com/v2/Groups".
>>>
>>> I think it is better if we can follow the same pattern for userDomains.
>>>
>>
>> The problem with this approach is we can't cater for Omindu's
>> requirement, to be able to give multiple domains and say to search from
>> them. So I also feel going with query parameters is a good option, since
>> SCIM 2.0 allows the use of custom parameters. Also we don't need to
>> represent an identity store as part of the resource URL. It's OK for
>> tenants because one tenant will only have one URL. But when it comes to
>> identity stores, one tenant will then have multiple URLs, which is not
>> spec compliant I guess.
>>
>> So +1 for query parameters. And by the way +1 to use a different name to
>> avoid confusion.
>>
>
> From a spec interoperability POV, what is the response if a client sends
> the following 2 requests, assuming we implement the above query parameter
> approach?
>
> /scim/v2/Users
> /scim/v2/Users?startIndex=1&count=2
>
Since no user store is specified, list users and pagination look up only
the PRIMARY user store.

>
>
> Thanks !
>
>>
>> Regards,
>> Johann.
>>
>>
>>> -Ishara
>>>
>>> On Sat, Mar 4, 2017 at 8:01 PM, Vindula Jayawardana <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> According to the SCIM protocol specification[1], SCIM service providers
>>>> may support additional query parameters apart from the standard set of
>>>> query parameters in querying resources. Hence +1 for what Gayan has
>>>> proposed here.
>>>>
>>>> I also agree with what Omindu has proposed. I think we could even add
>>>> the domain as an extension attribute rather than adding it to username if
>>>> necessary. However, due to the fact that IS only supports one simple filter
>>>> with "eq" as the filter operation, by doing it this way, we are limiting
>>>> the client's ability to query a resource using another filter. For example,
>>>> what if the client wants to query all users with "userType+EQ+student" in a
>>>> domain of "XXXX"? Since one filter is already used, this kind of query
>>>> will not fit in. But in Gayan's method this can be done with the
>>>> following query request.
>>>>
>>>> /scim/v2/Users?filter=userType+EQ+student&domain=xxxx
>>>>
>>>>
>>>> [1] - https://tools.ietf.org/html/rfc7644#section-3.4.2
>>>>
>>>> *Vindula Jayawardana*
>>>> Computer Science and Engineering Dept.
>>>> University of Moratuwa
>>>> mobile : +713462554
>>>> Email : [email protected]
>>>>
>>>> *“Respect is how to treat everyone, not just those you want to impress.”*
>>>> *-Richard Branson-*
>>>>
>>>>
>>>>
>>>> On 3 March 2017 at 18:41, Omindu Rathnaweera <[email protected]> wrote:
>>>>
>>>>> Hi Gayan,
>>>>>
>>>>> Does the protocol permit introducing custom parameters as domain? If
>>>>> so, +1 for using a param. Else, we can include the domain name as a part
>>>>> of the username (IINM we support this in C4 as well), so searching only
>>>>> in a particular domain will look like below.
>>>>>
>>>>> /scim/v2/Users?filter=userName+EQ+FOODOMAIN/*
>>>>>
>>>>> Also, should we look into searching within multiple domains?
>>>>> Currently we can only search either in a single domain or in all domains.
>>>>> However, the identity store does not have this support yet.
>>>>>
>>>>> Regards,
>>>>> Omindu.
>>>>>
>>>>> On Thu, Mar 2, 2017 at 11:41 PM, Gayan Gunawardana <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> How are we going to support SCIM list all users and list all groups
>>>>>> operations when we have multiple user store domains? In C4 we could
>>>>>> iterate through all user stores and fetch results, but in C5 we highly
>>>>>> discourage such a functionality due to performance impact.
>>>>>>
>>>>>> Basically, the client needs to provide the user store domain when it
>>>>>> requires data from secondary user store domains.
>>>>>>
>>>>>> My suggestion is to support a custom parameter like "domain" so
>>>>>> requests will be like below.
>>>>>>
>>>>>> /scim/v2/Users?domain=xxxx
>>>>>>
>>>>>> /scim/v2/Users?startIndex=1&count=2&domain=xxxx
>>>>>>
>>>>>>
>>>>>> /scim/v2/Users?filter=userName+EQ+vindula&domain=xxxx
>>>>>>
>>>>>>
>>>>>> @Ishara, Johann, Ayoma appreciate your input.
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Gayan
>>>>>>
>>>>>> --
>>>>>> Gayan Gunawardana
>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>>> Email: [email protected]
>>>>>> Mobile: +94 (71) 8020933
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Omindu Rathnaweera
>>>>> Software Engineer, WSO2 Inc.
>>>>> Mobile: +94 771 197 211
>>>>>
>>>>
>>>
>>>
>>> --
>>> Ishara Karunarathna
>>> Associate Technical Lead
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Technical Lead & Product Lead of WSO2 Identity Server
>> Governance Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+94777776950*
>> Blog - *http://nallaa.wordpress.com*
>>
>
>
> --
> Sagara Gunathunga
>
> Associate Director / Architect; WSO2, Inc.;  http://wso2.com
> V.P Apache Web Services;    http://ws.apache.org/
> Linkedin; http://www.linkedin.com/in/ssagara
> Blog ;  http://ssagara.blogspot.com
>
>


-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
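
Added illustration, not part of the thread and not WSO2 code: one way a SCIM list endpoint could resolve the proposed "domain" query parameter to exactly one configured user store, falling back to PRIMARY when it is absent. The names resolve_list_request, ScimQueryError and CONFIGURED_DOMAINS are hypothetical, FOODOMAIN is borrowed from the thread's example, and case-insensitive domain matching is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

PRIMARY = "PRIMARY"
# Constructed sample: user store domains configured for one tenant.
CONFIGURED_DOMAINS = {"PRIMARY", "FOODOMAIN"}


class ScimQueryError(ValueError):
    """Hypothetical error type; an endpoint would map it to HTTP 400."""


def resolve_list_request(url, configured=CONFIGURED_DOMAINS):
    """Turn a SCIM list URL into the single user store to query plus paging."""
    # parse_qs decodes '+' as a space: userType+EQ+student -> 'userType EQ student'
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    domains = params.get("domain", [])
    if len(domains) > 1:
        # Per the thread, the identity store cannot search several domains yet.
        raise ScimQueryError("only one domain may be given")
    # No domain given: look up only the PRIMARY user store.
    requested = domains[0] if domains else PRIMARY
    # Assumption: names match case-insensitively. Resolve to a configured name
    # so the raw client value is never handed to the user store layer.
    by_upper = {name.upper(): name for name in configured}
    domain = by_upper.get(requested.upper())
    if domain is None:
        raise ScimQueryError("unknown user store domain")

    def int_param(name, default, minimum):
        values = params.get(name)
        if not values:
            return default
        try:
            # RFC 7644 3.4.2.4: startIndex < 1 is read as 1, negative count as 0.
            return max(minimum, int(values[-1]))
        except ValueError:
            raise ScimQueryError(f"{name} must be an integer") from None

    return {
        "domain": domain,
        "filter": params.get("filter", [None])[-1],
        "startIndex": int_param("startIndex", 1, 1),
        "count": int_param("count", None, 0),  # None: server default page size
    }
```

Rejecting unknown or repeated domain values up front keeps a client from steering the lookup to a store the tenant has not configured, and keeps the "iterate every store" cost the thread wants to avoid from creeping back in.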