*[-IAM, RRT]*
On Mon, Jan 15, 2018 at 8:13 PM, Johann Nallathamby wrote:
> Hi Senthalan,
>
> Did you check [1]? In this feature *@Isuranga* implemented an XACML policy to
> evaluate the permission tree. For this he had to come up with a policy
> that defined a custom function.
>
>
Hi Pamoda,
Authentication history is a broad term. How do we plan to identify
exceptions?
thanks,
Dimuthu
On Mon, Jan 15, 2018 at 8:04 PM, Johann Nallathamby wrote:
> *[-IAM, RRT]*
>
> Apart from the business transaction value, following factors can be
> considered for risk
Hi
Pls provide the diff of the changes you have done.
@ESB Team / PPT experts, since there are PPT level changes you need to keep
watch on performance impact, memory blueprint impact, how the heap usage
varies per message size since (smallest to the largest) + per how the
behavior for complex
Hi Senthalan,
Did you check [1]? In this feature *@Isuranga* implemented an XACML policy to
evaluate the permission tree. For this he had to come up with a policy
that defined a custom function.
In the above feature if you replace permission with OAuth2 scopes (which is
also a representation of
Hi all,
I have started working on a Password Rotation Policy Authenticator for the
Identity Server.
Currently, there is an authenticator [1] which can be used to force the
user to change the password.
However, it does not support the following requirements on its own.
- Force the user to
On Fri, Jan 12, 2018 at 9:35 AM, Asitha Nanayakkara wrote:
> Hi all,
>
> Taking all the concerns discussed into account I did some updates on the
> design.
>
> With this design, I'll be exposing the exchanges, bindings, queues, and
> consumers. This is to avoid confusion in
Hi Nadun,
On Mon, Jan 15, 2018 at 9:01 PM, Nadun De Silva wrote:
> Hi all,
>
> I have started working on a Password Rotation Policy Authenticator for the
> Identity Server.
>
> Currently, there is an authenticator [1] which can be used to force the
> user to change the
On Mon, Jan 15, 2018 at 2:39 PM, Rasika Perera wrote:
> Hi Dimuthu,
>
> Recently, we did a similar setup, which involves a Federated IDP of OIDC.
> All internal apps configured with SAML SSO. Login flow worked smoothly with
> oidc authenticator; however external apps initiated
On Tue, Jan 16, 2018 at 8:13 AM, Prakhash Sivakumar
wrote:
> On Mon, Jan 15, 2018 at 8:28 PM, Dimuthu Leelarathne
> wrote:
>
>> Hi Pamoda,
>>
>> Authentication history is a broad term. How do we plan to identify
>> exceptions?
>>
>
As authentication
Hi Johann,
Thanks for the feedback. Currently, I am checking that feature.
According to my understanding, this feature will be useful to validate the
token scopes against resource scopes. As this validation is done by
JDBCScopeValidator and my implementation will be parallel to it (IS allows
On Tue, Jan 16, 2018 at 11:16 AM, Nadun De Silva wrote:
> Hi,
>
> At the moment the authenticator only has the *"password expiration time
> period"* in the password expiration policy.
>
> So I can start off by altering the authenticator to publish the following
> to analytics
>
Hi all,
We can also consider the MAC address or some machine ID of last successful
login as well.
*i.e I usually login to my personal Gmail using my phone. If I use my MAC
machine suddenly, google sends an email if this is you. *
Also previous successful login location is also important.
*i.e If
Hi Nadun,
On Mon, Jan 15, 2018 at 9:01 PM, Nadun De Silva wrote:
> Hi all,
>
> I have started working on a Password Rotation Policy Authenticator for the
> Identity Server.
>
> Currently, there is an authenticator [1] which can be used to force the
> user to change the
Hi Prakash,
On Tue, Jan 16, 2018 at 9:49 AM, Prakhash Sivakumar
wrote:
> Hi Nadun,
>
> On Mon, Jan 15, 2018 at 9:01 PM, Nadun De Silva wrote:
>
>> Hi all,
>>
>> I have started working on a Password Rotation Policy Authenticator for
>> the Identity Server.
>>
On Tue, Jan 16, 2018 at 11:02 AM, Nadun De Silva wrote:
> Hi Prakash,
>
> On Tue, Jan 16, 2018 at 9:49 AM, Prakhash Sivakumar
> wrote:
>
>> Hi Nadun,
>>
>> On Mon, Jan 15, 2018 at 9:01 PM, Nadun De Silva wrote:
>>
>>> Hi all,
>>>
>>> I have
Hi Rushmin/ Shazni,
+1 for storing the certificates in the database.
Regarding the User Experience aspect discussed above, IMHO I think it's
better to provide both the option where a user can select the file as in
uploading a file and same as allowing user to input the certificate content
into
Hi All,
We are implementing a Cassandra table extension that enables the Siddhi
developers to persist events in Cassandra stores.
The following operations are possible through this extension.
1. Define a Cassandra table
2. Insert events into Cassandra table
3. Read events from Cassandra table
4. Check
Hi Hasitha,
There is a question about MAC address, which is not available beyond an IP
router. What we do is browser fingerprinting with a cookie or something.
*>> i.e I usually login to my personal Gmail using my phone. If I use my
MAC machine suddenly, google sends an email if this is you. *
IS
Hi Ruwan,
On Tue, Jan 16, 2018 at 9:39 AM, Ruwan Abeykoon wrote:
> Hi Hasitha,
> There is a question about MAC address, which is not available beyond an IP
> router. What we do is browser fingerprinting with a cookie or something.
>
> *>> i.e I usually login to my personal
Hi,
At the moment the authenticator only has the *"password expiration time
period"* in the password expiration policy.
So I can start off by altering the authenticator to publish the following
to analytics
- The password expiration time period config change
- The password changed event
Hi Dimuthu,
I would suggest storing the expiration policy in IS side. How and where
this can be stored is yet to be discussed. For the time being, we can play
around with the registry for a quick start (but the registry will go away soon).
IS needs to emit an event towards analytics upon any change in the policy.
Hi Pamoda,
Here are some of my thoughts, and not in order or organized.
User Behavior analytics (*UBA*)
- Implement multi-dimensional clustering (this will detect general user
  behaviours. Not of an individual)
- Implement clickstream analytics (This will have knowledge of
On Mon, Jan 15, 2018 at 8:28 PM, Dimuthu Leelarathne
wrote:
> Hi Pamoda,
>
> Authentication history is a broad term. How do we plan to identify
> exceptions?
>
> thanks,
> Dimuthu
>
> On Mon, Jan 15, 2018 at 8:04 PM, Johann Nallathamby
> wrote:
>
>> *[-IAM,
Hi Jørgen,
Please see my inline responses below.
On Sat, Jan 13, 2018 at 12:13 AM, Info fra IDconnect
wrote:
> Hi Rushmin,
>
>
>
> Thanks for the swift reply.
>
>
>
> We are in the final decision phase on deciding technology for a platform
> delivering Identity management as
Hi All,
Please consider the below scenario.
When the Federated IdP sends the logout request we have to logout the user
from the WSO2IS. The proposed POC is as follows.
- 1 & 4 are OAuth flows
- 2 & 3 are SAML flows
Participants of the discussion: Malithi, Thanuja and Dimuthu
For the POC
On Mon, Jan 15, 2018 at 1:32 PM, Dimuthu Leelarathne
wrote:
> Hi All,
>
> Please consider the below scenario.
>
>
>
>
>
> When the Federated IdP sends the logout request we have to logout the user
> from the WSO2IS. The proposed POC is as follows.
>
> - 1 & 4 are OAuth
Hi Dimuthu,
Recently, we did a similar setup, which involves a Federated IDP of OIDC.
All internal apps configured with SAML SSO. Login flow worked smoothly with
oidc authenticator; however external apps initiated logout (inbound logout
requests from OIDC-to-SAML) and internal apps initiated
Hi,
On Mon, Jan 15, 2018 at 1:32 PM, Dimuthu Leelarathne
wrote:
> Hi All,
>
> Please consider the below scenario.
>
>
>
>
>
> When the Federated IdP sends the logout request we have to logout the user
> from the WSO2IS. The proposed POC is as follows.
>
> - 1 & 4 are OAuth
Hi Pamoda
On Mon, Jan 15, 2018 at 4:50 PM, Pamoda Wimalasiri wrote:
> Hi all,
>
> I'm currently working on a risk score calculation method for the
> authentication request of IAM. I'm still doing the background research on
> the behavior of other similar approaches [1] and the
Hi all,
I'm currently working on a risk score calculation method for the
authentication request of IAM. I'm still doing the background research on
the behavior of other similar approaches [1] and the technologies that can
be used.
According to my research, the risk score can be calculated based
30 matches