[
https://issues.apache.org/jira/browse/SYNCOPE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15350503#comment-15350503
]
Francesco Chicchiriccò commented on SYNCOPE-880:
------------------------------------------------
[~nscendoni], thanks for moving forward with this, looks like a great addition
to Syncope.
I would identify the following components to be added / extended:
# new state in the user workflow ("pending recertification") - this both for
[production|https://github.com/apache/syncope/blob/master/core/workflow-activiti/src/main/resources/userWorkflow.bpmn20.xml]
and
[test|https://github.com/apache/syncope/blob/master/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml]
workflow
this new state should be an Activiti User Task with associated approval forrm
- see [this
example|https://github.com/apache/syncope/blob/master/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml#L46-L53]
in the test workflow
# new state in the user workflow that takes care of actions to perform *after*
recertification (either suceeding or failing): can be Java task or Groovy -
again fotr both production and test workflow defnitions
# new method into the {{UserWofkflowAdapter}} for moving users into this new
"pending recertification" state
# pre-defined scheduled task (which can be run on request or scheduled, as
usual) that, as you suggest above, moves users into this new state
# pre-defined recertification reportlet and report
All this above require some dedicated configuration parameters:
# the group of users responsible for recertification
# the FIQL string (e.g. the user filter) to be used for selecting users to be
moved into the "pending recertification" state
and a few plain schema attributes, which should be included in the default
content - or maybe better to be added as user properties, like as [some
others|https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/AnnotatedEntity.java]:
# lastRecertification (Date)
# lastRecertificator (String, for username)
Feel free to comment, ask, preferably here in JIRA rather than [in
GitHub|https://github.com/apache/syncope/pull/26], thanks!
> Identity Recertification
> ------------------------
>
> Key: SYNCOPE-880
> URL: https://issues.apache.org/jira/browse/SYNCOPE-880
> Project: Syncope
> Issue Type: New Feature
> Components: console, core, enduser
> Reporter: Nicola Scendoni
> Priority: Minor
>
> Identify Re-certification is required for many national and international
> standards like SOX, GxP, etc.
> The idea is to implement one scheduled task that filter users basing on some
> attributes (example: last recertification date, role,...) and move then on
> one state "to be certified" and assign one task to some group that has the
> responsibility to recertified the user, or delete it from the system.
> Some report should report evidence about when the users have been recertified
> and who was the certifier.
>
> This feature would be also the starting point to create account, role and
> groups re-certifications.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
