On Sun, Feb 5, 2017 at 10:27 AM, Johann Nallathamby <[email protected]> wrote:

>
>
> On Sun, Feb 5, 2017 at 9:41 AM, Gayan Gunawardana <[email protected]> wrote:
>
>> Hi All,
>>
>> The conclusion is to avoid adding multiple users with the same user name
>> from SCIM [1].
>> According to the *Unique Attribute* concept Ishara mentioned, even though
>> user core supports having multiple users with the same user name, we should
>> not do that.
>>
>> If we duplicate username even in user core level there are some other
>> consequences as well like revoking access tokens for given user will fail.
>>
>
> I don't think. We will store access tokens against the immutable UUID of
> the user. So duplicate username or modifiable username is not a problem in
> this case.
>
Suppose we provide an API to revoke access tokens belonging to a particular
user; the immutable UUID should not be part of the request parameters because
the immutable UUID is for our internal use. IMO we should be able to identify a
user uniquely from username.

The other problem is that if we allow duplicate usernames at the identity mgt
level but not at the SCIM level,

Users?filter=userName+EQ+john ends up with multiple records, which is a kind of
inconsistency.

WDYT?



>
>>
>> Username can be changed but *must not* duplicate.
>>
>
> Which can be the case for SCIM level, but doesn't need to be the case in
> identity.mgt level.
>
>>
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-5698
>>
>> Thanks,
>> Gayan
>>
>> On Fri, Feb 3, 2017 at 2:49 PM, Johann Nallathamby <[email protected]>
>> wrote:
>>
>>>
>>>
>>> On Fri, Feb 3, 2017 at 9:42 AM, Farasath Ahamed <[email protected]>
>>> wrote:
>>>
>>>> IIRC, Our plan in C5 was to use the SCIM API for user signup, user
>>>> provisioning etc.
>>>>
>>>> So if the username is a special attribute in SCIM while user core can
>>>> accommodate duplicate usernames(ie. username need not be unique), when we
>>>> use SCIM API in the product won't there be a mismatch?
>>>>
>>>
>>> I don't think there will be an issue. Our identity-mgt implementation is
>>> the lower layer while SCIM is the higher layer. If the higher layer is more
>>> restrictive than the lower layer it won't be an issue. The other way around
>>> would be an issue.
>>>
>>>
>>>>
>>>>
>>>> Farasath Ahamed
>>>> Software Engineer, WSO2 Inc.; http://wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>>>
>>>> On Thu, Feb 2, 2017 at 7:41 PM, Gayan Gunawardana <[email protected]>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Fri, Feb 3, 2017 at 8:29 AM, Johann Nallathamby <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> In our identity-mgt level we don't treat username as a special
>>>>>> attribute. It's just another attribute. However in certain higher levels
>>>>>> we may need to treat username as a special attribute. We do have a claim
>>>>>> for username which I think is "http://wso2.org/claim/username". We can
>>>>>> treat this claim as the username in higher level implementations.
>>>>>>
>>>>>> On Fri, Feb 3, 2017 at 4:12 AM, Chamila Wijayarathna <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi Gayan,
>>>>>>>
>>>>>>> If we can add multiple users with same user name, why do we need to
>>>>>>> avoid adding multiple users in SCIM? I don't get the point here.
>>>>>>>
>>>>>>> If we consider two users with same username as two entities in
>>>>>>> server level, it won't be a duplicate resource creation IMO, it will be
>>>>>>> two different resources with same username.
>>>>>>>
>>>>>>
>>>>>> I guess what Gayan means is in SCIM 2.0 username is a special
>>>>>> attribute and we can't have two users with same username attribute. It
>>>>>> is a specification of SCIM 2.0.
>>>>>>
>>>>> Yes exactly. There should be a way to identify duplicate resource in
>>>>> the context of SCIM. For user resource it is user name.
>>>>>
>>>>>>
>>>>>>> Regards!
>>>>>>>
>>>>>>> On Fri, Feb 3, 2017 at 5:52 AM, Gayan Gunawardana <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> In C4 user name was a unique identifier and we returned HTTP
>>>>>>>> response 409 (Conflict) if the user name already exists [1]. In C5
>>>>>>>> user name is just another claim and we can add multiple users with
>>>>>>>> the same user name.
>>>>>>>> IMO we should check isUserExist in SCIM level and avoid adding
>>>>>>>> multiple users with the same user name.
>>>>>>>>
>>>>>>>> WDYT ?
>>>>>>>>
>>>>>>>> [1] https://tools.ietf.org/html/rfc7644#section-3.12
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Gayan
>>>>>>>>
>>>>>>>> --
>>>>>>>> Gayan Gunawardana
>>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>>>>> Email: [email protected]
>>>>>>>> Mobile: +94 (71) 8020933
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Chamila Dilshan Wijayarathna,
>>>>>>> PhD Research Student
>>>>>>> The University of New South Wales (UNSW Canberra)
>>>>>>> Australian Centre for Cyber Security
>>>>>>> Australian Defence Force Academy
>>>>>>> PO Box 7916, Canberra BA ACT 2610
>>>>>>> Australia
>>>>>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>>
>>>>>> *Johann Dilantha Nallathamby*
>>>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>>>> Governance Technologies Team
>>>>>> WSO2, Inc.
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>> Mobile - *+94777776950*
>>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>



-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
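
Added example (not part of the original thread and not WSO2 code): a minimal Python model of the layering discussed above, with a lower store that permits duplicate usernames and a SCIM layer that rejects them with 409 and scimType "uniqueness" as in RFC 7644 section 3.12. IdentityStore, ScimLayer and their methods are hypothetical names, and the sample users are constructed.

```python
import uuid

class IdentityStore:
    """Lower layer (hypothetical): UUID is the key, userName is just a claim."""
    def __init__(self):
        self.users, self.tokens = {}, {}   # uuid -> userName, uuid -> set of tokens

    def add_user(self, username):
        uid = str(uuid.uuid4())
        self.users[uid], self.tokens[uid] = username, set()
        return uid

    def find_by_username(self, username):
        return [uid for uid, name in self.users.items() if name == username]

class ScimLayer:
    """Higher layer (hypothetical): refuses a second user with the same userName."""
    def __init__(self, store):
        self.store = store

    def create_user(self, username):
        if self.store.find_by_username(username):
            # RFC 7644 section 3.12: 409 Conflict, scimType "uniqueness"
            return 409, {"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
                         "scimType": "uniqueness", "status": "409"}
        return 201, {"id": self.store.add_user(username), "userName": username}

    def filter_by_username(self, username):
        # Models GET /Users?filter=userName eq "<username>"
        return [{"id": uid, "userName": username}
                for uid in self.store.find_by_username(username)]

    def revoke_tokens(self, username):
        # Tokens are stored against the UUID; the caller only supplies a username.
        matches = self.store.find_by_username(username)
        if len(matches) != 1:
            raise LookupError(f"{len(matches)} users match userName={username!r}")
        revoked = len(self.store.tokens[matches[0]])
        self.store.tokens[matches[0]].clear()
        return revoked

def demo():
    store = IdentityStore()
    scim = ScimLayer(store)
    first, _ = scim.create_user("john")       # constructed sample data
    second, err = scim.create_user("john")    # rejected at the SCIM layer
    store.add_user("john")                    # duplicate created below SCIM
    hits = len(scim.filter_by_username("john"))
    return first, second, err["scimType"], hits
```

The existence check and the insert in create_user are two separate steps in this model; a real store would need to enforce the uniqueness atomically for the 409 to hold under concurrent requests.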
