On Mon, Feb 5, 2018 at 12:56 PM, Nuwan Dias <nuw...@wso2.com> wrote: > > > On Mon, Feb 5, 2018 at 12:36 PM, Asela Pathberiya <as...@wso2.com> wrote: > >> >> >> On Mon, Feb 5, 2018 at 12:10 PM, Nuwan Dias <nuw...@wso2.com> wrote: >> >>> As mentioned on the subject itself, these are Identity Management and >>> Identity Governance features. They don't closely tie in with API >>> Management. Therefore I think its fine to recommend IS for those kind of >>> use cases. >>> >>> Installing these features to APIM at this point in time is also a >>> problem due to its roadmap with 3.0. If we install these features into APIM >>> users will see these as first class features of our APIM offering, they >>> won't see this as something coming from IS. >>> >> >> APIM store is public facing for end users. It already supports for user >> registration which is also identity management feature. It is a question, >> why can't it support features such as password recovery/policies/email >> activation by default. >> > > Its not that it can't. Its a question of where do we draw the line between > IS and APIM. My opinion is that the current user registration (with > workflow support) and password reset options are just enough for the OOTB > product. You can have many more scenarios than listed above. Such as Login > with Facebook, Multifactor Authentication, etc and the list could go on. I > think its fine to ask users to integrate with IS for advanced scenarios. >
We have very clear boundaries between API-M and IS, this is the whole point for maintaining IS as the key manager profile so that users can get both IS and KM capabilities from a single runtime, I don't see any valid point to make API-M runtime more complicate by adding some random IS features (in this case Identity Governance features) hence I'm also -1 for original suggestion. IMO two runtime concept we have today ( API-M KM and IS as KM ) is enough to cater simple API security requirements to complex IAM requirements. Thanks ! > >> If product supports for public user registration, it must support for all >> other identity management features as well. >> >> Are we removing the user registration from APIM 3.0 ? >> > > No, that would be there. But we don't have plans to support anything else. > Since there's no C5 based IS yet, we are writing all the user management > capabilities from scratch to even get the basic functionality. The need to > support more and more scenarios would create a lot more work than already > planned. Risking its deadlines. > >> >> Thanks, >> Asela. >> >> >>> Which means that users would expect the same set of features on 3.0 as >>> well. Therefore I would be -1 to installing these features on APIM. >>> >>> On Mon, Feb 5, 2018 at 9:49 AM, Asela Pathberiya <as...@wso2.com> wrote: >>> >>>> Hi All, >>>> >>>> There are several customers/users who are looking for $subject with >>>> APIM. Specially following features >>>> >>>> 1. Account lock/disable >>>> 2. Password/Account recovery >>>> 3. Password policies >>>> >>>> We are usually not recommending the feature installation. Therefore, >>>> shall we ship these features by default with APIM. >>>> >>>> However, we can suggests to use WSO2IS as KM, but we need to consider >>>> on >>>> >>>> 1. Cost on running WSO2IS (infra cost) >>>> 2. All in one deployment >>>> 3. First impression on the IAM feature list of APIM. >>>> >>>> WDYT ? >>>> >>>> Thanks, >>>> Asela. >>>> >>>> -- >>>> Thanks & Regards, >>>> Asela >>>> >>>> ATL >>>> Mobile : +94 777 625 933 <+94%2077%20762%205933> >>>> +358 449 228 979 >>>> >>>> http://soasecurity.org/ >>>> http://xacmlinfo.org/ >>>> >>> >>> >>> >>> -- >>> Nuwan Dias >>> >>> Software Architect - WSO2, Inc. http://wso2.com >>> email : nuw...@wso2.com >>> Phone : +94 777 775 729 <+94%2077%20777%205729> >>> >> >> >> >> -- >> Thanks & Regards, >> Asela >> >> ATL >> Mobile : +94 777 625 933 <+94%2077%20762%205933> >> +358 449 228 979 >> >> http://soasecurity.org/ >> http://xacmlinfo.org/ >> > > > > -- > Nuwan Dias > > Software Architect - WSO2, Inc. http://wso2.com > email : nuw...@wso2.com > Phone : +94 777 775 729 <+94%2077%20777%205729> > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Sagara Gunathunga Director; WSO2, Inc.; http://wso2.com Linkedin; http://www.linkedin.com/in/ssagara Blog ; http://ssagara.blogspot.com Mobile : +9471 <+94%2071%20565%209887>2149951
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture