Re: [Architecture] [APIM 3.0.0][C5] Permission model : Visibility and subscription availability

Hi, AFAIU we apply permission for API entity. API does not know anything about publisher and store. The permission model (Role/group based ) should handle the visibility at the store and publisher. The permission assigned to API should be generic. There should not be separate permissions for

Re: [Architecture] [APIM 3.0.0][C5] Permission model : Visibility and subscription availability

Hi, Based on the recent queries we got, users try to bring the tenancy model for managing APIs. For an example there can be two developers who create APIs for two departments such as marketing and enginnering. Basic idea is that those APIs are only visible for particular group in store which we

Re: [Architecture] [C5][IS 6.0.0] Password History Validation

On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana wrote: > > CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA ( > ID INTEGER NOT NULL AUTO_INCREMENT, > USER_UNIQUE_ID VARCHAR(255) NOT NULL, > SALT_VALUE VARCHAR(255), > HASHVARCHAR(255) NOT NULL, >

Re: [Architecture] [APIM 3.0.0][C5] Permission model : Visibility and subscription availability

On Wed, Mar 15, 2017 at 12:48 AM, Uvindra Dias Jayasinha wrote: > How can we support this by only sticking to the new permission model? We > need to make the API visible in the store side but hide it on the publisher > side(other publisher users). As I understood, your

Re: [Architecture] [APIM 3.0.0][C5] Permission model : Visibility and subscription availability

On Wed, Mar 15, 2017 at 12:48 AM, Uvindra Dias Jayasinha wrote: > where a api creator wants to hide/view his apis to other api creators" we do support this, there is a column in AM_API table AM_API_PERMISSION with default value 7 which means API creator can view/edit/delete

Re: [Architecture] [C5][IS 6.0.0] User List UI for IS 6.0.0

On Wed, Mar 15, 2017 at 7:11 AM, Thanuja Jayasinghe wrote: > Hi Nuwandi, > > On Tue, Mar 14, 2017 at 10:28 AM, Nuwandi Wickramasinghe < > nuwan...@wso2.com> wrote: > >> Hi all, >> >> We are in the process of implementing User List view in the Admin Portal >> for the new IS

Re: [Architecture] [C5][IS 6.0.0] User List UI for IS 6.0.0

Hi Nuwandi, On Tue, Mar 14, 2017 at 10:28 AM, Nuwandi Wickramasinghe wrote: > Hi all, > > We are in the process of implementing User List view in the Admin Portal > for the new IS 6.0.0 release. The wireframe design for the UI is found at > [1]. > > Admin can view a list of

Re: [Architecture] Define Username Claim in Domain Level

Hi Indunil, On Tue, Mar 14, 2017 at 7:42 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote: > Hi, > > I think in a system, username claim is not a user specific detail, so that > it's conceptually incorrect to define it in User level. It has to be > configured globally or domain wise (So

Re: [Architecture] Define Username Claim in Domain Level

Hi Nuwandi, On Tue, Mar 14, 2017 at 1:54 PM, Nuwandi Wickramasinghe wrote: > > > On Tue, Mar 14, 2017 at 12:42 PM, Thanuja Jayasinghe > wrote: > >> Hi Gayan, >> >> Yes. We need to specially handle username claim("http://wso2.org/claims/ >> username"). >> >

Re: [Architecture] How to identifying a self sign-up request

On Tue, Mar 14, 2017 at 8:25 PM, Sagara Gunathunga wrote: > > - Personally I don't like to duplicate self sign-up or any other feature > in two different places but I agree with the given justification about the > limitations of SCIM /Me endpoint, it would be ideal if we can

Re: [Architecture] [IS 6.0.0][admin-portal]User Onboarding with different options

On Tue, Mar 14, 2017 at 6:34 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote: > > > On Tue, Mar 14, 2017 at 10:59 AM, Omindu Rathnaweera > wrote: > >> >> >> On Tue, Mar 14, 2017 at 10:42 AM, Ayesha Dissanayaka >> wrote: >> >>> >>> On Tue, Mar 14, 2017

Re: [Architecture] Define Username Claim in Domain Level

On Tue, Mar 14, 2017 at 7:42 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote: > Hi, > > I think in a system, username claim is not a user specific detail, so that > it's conceptually incorrect to define it in User level. It has to be > configured globally or domain wise (So that based on

Re: [Architecture] Define Username Claim in Domain Level

On Tue, Mar 14, 2017 at 7:42 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote: > Hi, > > I think in a system, username claim is not a user specific detail, so that > it's conceptually incorrect to define it in User level. It has to be > configured globally or domain wise (So that based on

Re: [Architecture] How to identifying a self sign-up request

- Personally I don't like to duplicate self sign-up or any other feature in two different places but I agree with the given justification about the limitations of SCIM /Me endpoint, it would be ideal if we can support these use cases by extending SCIM but if we have already developed our own

Re: [Architecture] Define Username Claim in Domain Level

Hi, I think in a system, username claim is not a user specific detail, so that it's conceptually incorrect to define it in User level. It has to be configured globally or domain wise (So that based on the domain, the unique claim which use as the username can be configurable). And also if we are

Re: [Architecture] [IAM] [IS 6.0.0] Moving to global configuration model

Hi All, I think copying the entire list (map or any collection) is the correct strategy. Comparing with default value in the bean may not be optimal solution. Pros: 1. Thinking the list as single value avoids complexities in end user perspective 2. Allows changing order (if applicable) 3. Allows

Re: [Architecture] [IAM] [IS 6.0.0] Moving to global configuration model

> Currently we have to copy the entire list to deployment.yaml to > add/modify/remove an item in a list, if you are getting the configuration > object from config provider. We cannot edit bean variable value partially > from the deployment.yaml. > In this case, rather getting configuration bean

Re: [Architecture] [IS 6.0.0][admin-portal]User Onboarding with different options

On Tue, Mar 14, 2017 at 10:18 AM, Denuwanthi De Silva wrote: > Hi, > > The user onboarding scenario contains several options: > 1.Add new user with username and password > 2.Add new user with email verification > 3.Add new user with OTP email > 4.Add new user with Ask

Re: [Architecture] [IS 6.0.0][admin-portal]User Onboarding with different options

On Tue, Mar 14, 2017 at 10:59 AM, Omindu Rathnaweera wrote: > > > On Tue, Mar 14, 2017 at 10:42 AM, Ayesha Dissanayaka > wrote: > >> >> On Tue, Mar 14, 2017 at 10:18 AM, Denuwanthi De Silva < >> denuwan...@wso2.com> wrote: >> >>> So, inorder to retrieve the

Re: [Architecture] [IAM] [IS 6.0.0] Moving to global configuration model

On Tue, Mar 14, 2017 at 5:59 PM, Danesh Kuruppu wrote: > > We have to understand the pattern to follow when modifying/removing/adding >> an item in a *list* with deployment.yaml. Copying the entire list to >> deployment.yaml and modify accordingly is the straight-forward

Re: [Architecture] [IAM] [IS 6.0.0] Moving to global configuration model

> We have to understand the pattern to follow when modifying/removing/adding > an item in a *list* with deployment.yaml. Copying the entire list to > deployment.yaml and modify accordingly is the straight-forward approach. > > But that does not scale well if the number of items is quite big like

Re: [Architecture] [C5][IS 6.0.0 - Admin Portal ] Edit User profile (Update User)

@Dinali, In user portal account setting profile[1] template the user is shown the profile which is selected from the left tab menu. But in admin portal user profile[2] there is an extra field(dropdown) in the template to choose the profile which will render each profile details. So you will have

Re: [Architecture] Define Username Claim in Domain Level

On Tue, Mar 14, 2017 at 12:42 PM, Thanuja Jayasinghe wrote: > Hi Gayan, > > Yes. We need to specially handle username claim("http://wso2.org/claims/ > username"). > So, it will always be http://wso2.org/claims/username, not configurable? > > Shall we add a method to User[1]

Re: [Architecture] Define Username Claim in Domain Level

Hi Gayan, Yes. We need to specially handle username claim(" http://wso2.org/claims/username;). Shall we add a method to User[1] class to retrieve username? [1] - https://github.com/wso2/carbon-identity-mgt/blob/ master/components/org.wso2.carbon.identity.mgt/src/main/

[Architecture] Define Username Claim in Domain Level

Hi All, Don't we have to provide an API to get username claim from domain level. I am suggesting to have some thing like org.wso2.carbon.identity.mgt.User userStoreUser = identityStore. getUser(userId); userStoreUser.getUsernameClaim(); Currently we handle username claim as just an another

Re: [Architecture] [C5][IS 6.0.0 - Admin Portal ] Edit User profile (Update User)

Hi Dinali, Well, your earlier reply give impression it is validating the format of the email and mobile number, If it is, that validation should happen automatically (Ex. when lost focus of the input). I guess your last reply is correct, which is sending a code via email or SMS and validate those

Re: [Architecture] [C5][IS 6.0.0 - Admin Portal ] Edit User profile (Update User)

Hi Godwin, Continuing the above email The function of the verify button click is done by this user story [1]. Which is not done by me. At the moment we are not supporting mobile verification. Thanks [1] https://redmine.wso2.com/issues/5752 On Tue, Mar 14, 2017 at 11:44 AM, Dinali Dabarera

Re: [Architecture] [C5][IS 6.0.0 - Admin Portal ] Edit User profile (Update User)

Hi Godwin, Here, verify means it checks whether the updated value Is a type of email (--@abc.com) or type of mobile number(10 numbers). We can not check availability of email or mobile because one or more users can have same email or same mobile number. Thanks! On Tue, Mar 14, 2017 at 10:56 AM,