Hasanthi Dissanayake
Software Engineer | WSO2
E: [email protected]
M: 0718407133 | http://wso2.com

---------- Forwarded message ----------
From: Hasanthi Purnima Dissanayake <[email protected]>
Date: Fri, Oct 13, 2017 at 8:13 AM
Subject: Providing scope wise consent as a WUM update
To: architecture <[email protected]>
Cc: Prabath Siriwardena <[email protected]>, Darshana Gunawardana <[email protected]>, Johann Nallathamby <[email protected]>, Sagara Gunathunga <[email protected]>, Ruwan Abeykoon <[email protected]>, Pushpalanka Jayawardhana <[email protected]>, Seshika Fernando <[email protected]>, Farasath Ahamed <[email protected]>, Maduranga Siriwardena <[email protected]>, Ishara Karunarathna <[email protected]>, Isura Karunaratne <[email protected]>, Gayan Gunawardana <[email protected]>, Thanuja Jayasinghe <[email protected]>, Waruna De Silva <[email protected]>

Hi All,

For the PSD2 compliance we need to provide scope wise consent. (Actually this is claim wise consent, but we thought of storing claims as scopes in the registry to avoid complications.)

In the current implementation we persist consent in the "IDN_OPENID_USER_RPS" table per user per application. Here we persist the details of applications which have the consent 'approve_always'. As this implementation is planned to ship as an update for IS 5.3.0, we can't do schema changes. So how can we store those scope-consent mappings?

1. In the "IDN_OPENID_USER_RPS" table we have a column like "trusted_always". If we go with storing scopes in the above column, that column length is not enough to store scopes. We will have to follow the method of storing the hash here, while storing the scopes in another table. So introducing a new table is again a schema change. And most importantly this will break the flows of existing customers who are already using this.

2. Shall we store this mapping in the registry as we have stored the scope-claim mapping?

So we can suggest an optional configuration for the user to select whether he needs to use the registry for scope wise consent or our existing table for consent per user per application as before. Actually this is for preserving backward compatibility.

Kindly expecting your feedback and suggestions on this.

Thanks,

Hasanthi Dissanayake
Software Engineer | WSO2
E: [email protected]
M: 0718407133 | http://wso2.com
