Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
On Fri, Feb 2, 2018 at 8:00 AM, Isura Karunaratnewrote: > > > On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee > wrote: > >> Eventing is more asynchronous. We may need synchronous processing for >> this. Also we need to control the flow of these handlers depending on the >> state of the handler. ex - we may need to do few redirections within a >> handler in order to proceed (eg - missing mandatory claim handler.). Hence >> I think it's better to go with a specific interface than our handler >> architecture. >> > > Eventing can be synchronous as well. Since we need to handle redirections > +1 to go with a specfic interface design. > Our current eventing framework does not have synchronous support AFAIK > > Thanks > Isura. > >> >> On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe >> wrote: >> >>> Hi Hasintha, >>> >>> Does this mean that you will be introducing another OSGi service >>> interface for post authentication handlers. >>> What about using the already available eventing service [1]. >>> >>> [1] https://github.com/wso2/carbon-identity-framework/blob/m >>> aster/components/identity-event/org.wso2.carbon.identity. >>> event/src/main/java/org/wso2/carbon/identity/event/ >>> services/IdentityEventService.java >>> >>> Thanks, >>> Malithi. >>> >>> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee >>> wrote: >>> At the present we have post authentication criteria which are evaluated upon authentication in an authentication flow. Examples are "Handling missing mandatory claims" and "Authorization handling". According to the current implementation these logics are bind towards our framework implementation so that if we need to add a new post authentication evaluation criteria, we do not have an alternative other than changing framework source. With emerging requirements we may need to add more post authentication criteria in the future. For an example, we may need to intercept post authentication and request for consent on requested claims. Likewise there may be other requirements to intercept post authentication flow. Foreseeing these requirements we are planing to generalize post authentication handling so that post authentication handling will no longer be a static part of framework. We should be able to add post authentication handlers as OSGI services. Upon this change, missing mandatory claim handler and authorization handler will be two OSGI post authentication handlers. -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453 <+94%2077%20189%202453> >>> >>> >>> -- >>> >>> *Malithi Edirisinghe* >>> Associate Technical Lead >>> WSO2 Inc. >>> >>> Mobile : +94 (0) 718176807 >>> malit...@wso2.com >>> >> >> >> >> -- >> Hasintha Indrajee >> WSO2, Inc. >> Mobile:+94 771892453 <+94%2077%20189%202453> >> >> > > > -- > > *Isura Dilhara Karunaratne* > Associate Technical Lead | WSO2 > Email: is...@wso2.com > Mob : +94 772 254 810 <077%20225%204810> > Blog : http://isurad.blogspot.com/ > > > > -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
On Fri, Feb 2, 2018 at 10:07 AM, Hasintha Indrajeewrote: > > On Fri, Feb 2, 2018 at 8:00 AM, Isura Karunaratne wrote: > >> >> >> On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee >> wrote: >> >>> Eventing is more asynchronous. We may need synchronous processing for >>> this. Also we need to control the flow of these handlers depending on the >>> state of the handler. ex - we may need to do few redirections within a >>> handler in order to proceed (eg - missing mandatory claim handler.). Hence >>> I think it's better to go with a specific interface than our handler >>> architecture. >>> >> >> Eventing can be synchronous as well. Since we need to handle >> redirections +1 to go with a specfic interface design. >> > Our current eventing framework does not have synchronous support AFAIK > It can be sync or assync depending on the handler implemenation. [1] [1] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java#L56 Thanks Isura. > >> Thanks >> Isura. >> >>> >>> On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe >>> wrote: >>> Hi Hasintha, Does this mean that you will be introducing another OSGi service interface for post authentication handlers. What about using the already available eventing service [1]. [1] https://github.com/wso2/carbon-identity-framework/blob/m aster/components/identity-event/org.wso2.carbon.identity.eve nt/src/main/java/org/wso2/carbon/identity/event/services/ IdentityEventService.java Thanks, Malithi. On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee wrote: > At the present we have post authentication criteria which are > evaluated upon authentication in an authentication flow. Examples are > "Handling missing mandatory claims" and "Authorization handling". > According > to the current implementation these logics are bind towards our framework > implementation so that if we need to add a new post authentication > evaluation criteria, we do not have an alternative other than changing > framework source. > > With emerging requirements we may need to add more post authentication > criteria in the future. For an example, we may need to intercept post > authentication and request for consent on requested claims. Likewise there > may be other requirements to intercept post authentication flow. > > Foreseeing these requirements we are planing to generalize post > authentication handling so that post authentication handling will no > longer > be a static part of framework. We should be able to add post > authentication > handlers as OSGI services. Upon this change, missing mandatory claim > handler and authorization handler will be two OSGI post authentication > handlers. > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- *Malithi Edirisinghe* Associate Technical Lead WSO2 Inc. Mobile : +94 (0) 718176807 malit...@wso2.com >>> >>> >>> >>> -- >>> Hasintha Indrajee >>> WSO2, Inc. >>> Mobile:+94 771892453 <+94%2077%20189%202453> >>> >>> >> >> >> -- >> >> *Isura Dilhara Karunaratne* >> Associate Technical Lead | WSO2 >> Email: is...@wso2.com >> Mob : +94 772 254 810 <077%20225%204810> >> Blog : http://isurad.blogspot.com/ >> >> >> >> > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- *Isura Dilhara Karunaratne* Associate Technical Lead | WSO2 Email: is...@wso2.com Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajeewrote: > Eventing is more asynchronous. We may need synchronous processing for > this. Also we need to control the flow of these handlers depending on the > state of the handler. ex - we may need to do few redirections within a > handler in order to proceed (eg - missing mandatory claim handler.). Hence > I think it's better to go with a specific interface than our handler > architecture. > Eventing can be synchronous as well. Since we need to handle redirections +1 to go with a specfic interface design. Thanks Isura. > > On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe > wrote: > >> Hi Hasintha, >> >> Does this mean that you will be introducing another OSGi service >> interface for post authentication handlers. >> What about using the already available eventing service [1]. >> >> [1] https://github.com/wso2/carbon-identity-framework/blob/ >> master/components/identity-event/org.wso2.carbon. >> identity.event/src/main/java/org/wso2/carbon/identity/ >> event/services/IdentityEventService.java >> >> Thanks, >> Malithi. >> >> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee >> wrote: >> >>> At the present we have post authentication criteria which are evaluated >>> upon authentication in an authentication flow. Examples are "Handling >>> missing mandatory claims" and "Authorization handling". According to the >>> current implementation these logics are bind towards our framework >>> implementation so that if we need to add a new post authentication >>> evaluation criteria, we do not have an alternative other than changing >>> framework source. >>> >>> With emerging requirements we may need to add more post authentication >>> criteria in the future. For an example, we may need to intercept post >>> authentication and request for consent on requested claims. Likewise there >>> may be other requirements to intercept post authentication flow. >>> >>> Foreseeing these requirements we are planing to generalize post >>> authentication handling so that post authentication handling will no longer >>> be a static part of framework. We should be able to add post authentication >>> handlers as OSGI services. Upon this change, missing mandatory claim >>> handler and authorization handler will be two OSGI post authentication >>> handlers. >>> >>> -- >>> Hasintha Indrajee >>> WSO2, Inc. >>> Mobile:+94 771892453 <+94%2077%20189%202453> >>> >>> >> >> >> -- >> >> *Malithi Edirisinghe* >> Associate Technical Lead >> WSO2 Inc. >> >> Mobile : +94 (0) 718176807 >> malit...@wso2.com >> > > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- *Isura Dilhara Karunaratne* Associate Technical Lead | WSO2 Email: is...@wso2.com Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
Eventing is more asynchronous. We may need synchronous processing for this. Also we need to control the flow of these handlers depending on the state of the handler. ex - we may need to do few redirections within a handler in order to proceed (eg - missing mandatory claim handler.). Hence I think it's better to go with a specific interface than our handler architecture. On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghewrote: > Hi Hasintha, > > Does this mean that you will be introducing another OSGi service interface > for post authentication handlers. > What about using the already available eventing service [1]. > > [1] https://github.com/wso2/carbon-identity-framework/ > blob/master/components/identity-event/org.wso2.carbon.identity.event/src/ > main/java/org/wso2/carbon/identity/event/services/ > IdentityEventService.java > > Thanks, > Malithi. > > On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee > wrote: > >> At the present we have post authentication criteria which are evaluated >> upon authentication in an authentication flow. Examples are "Handling >> missing mandatory claims" and "Authorization handling". According to the >> current implementation these logics are bind towards our framework >> implementation so that if we need to add a new post authentication >> evaluation criteria, we do not have an alternative other than changing >> framework source. >> >> With emerging requirements we may need to add more post authentication >> criteria in the future. For an example, we may need to intercept post >> authentication and request for consent on requested claims. Likewise there >> may be other requirements to intercept post authentication flow. >> >> Foreseeing these requirements we are planing to generalize post >> authentication handling so that post authentication handling will no longer >> be a static part of framework. We should be able to add post authentication >> handlers as OSGI services. Upon this change, missing mandatory claim >> handler and authorization handler will be two OSGI post authentication >> handlers. >> >> -- >> Hasintha Indrajee >> WSO2, Inc. >> Mobile:+94 771892453 <+94%2077%20189%202453> >> >> > > > -- > > *Malithi Edirisinghe* > Associate Technical Lead > WSO2 Inc. > > Mobile : +94 (0) 718176807 > malit...@wso2.com > -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
At the present we have post authentication criteria which are evaluated upon authentication in an authentication flow. Examples are "Handling missing mandatory claims" and "Authorization handling". According to the current implementation these logics are bind towards our framework implementation so that if we need to add a new post authentication evaluation criteria, we do not have an alternative other than changing framework source. With emerging requirements we may need to add more post authentication criteria in the future. For an example, we may need to intercept post authentication and request for consent on requested claims. Likewise there may be other requirements to intercept post authentication flow. Foreseeing these requirements we are planing to generalize post authentication handling so that post authentication handling will no longer be a static part of framework. We should be able to add post authentication handlers as OSGI services. Upon this change, missing mandatory claim handler and authorization handler will be two OSGI post authentication handlers. -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
Hi Hasintha, Does this mean that you will be introducing another OSGi service interface for post authentication handlers. What about using the already available eventing service [1]. [1] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventService.java Thanks, Malithi. On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajeewrote: > At the present we have post authentication criteria which are evaluated > upon authentication in an authentication flow. Examples are "Handling > missing mandatory claims" and "Authorization handling". According to the > current implementation these logics are bind towards our framework > implementation so that if we need to add a new post authentication > evaluation criteria, we do not have an alternative other than changing > framework source. > > With emerging requirements we may need to add more post authentication > criteria in the future. For an example, we may need to intercept post > authentication and request for consent on requested claims. Likewise there > may be other requirements to intercept post authentication flow. > > Foreseeing these requirements we are planing to generalize post > authentication handling so that post authentication handling will no longer > be a static part of framework. We should be able to add post authentication > handlers as OSGI services. Upon this change, missing mandatory claim > handler and authorization handler will be two OSGI post authentication > handlers. > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- *Malithi Edirisinghe* Associate Technical Lead WSO2 Inc. Mobile : +94 (0) 718176807 malit...@wso2.com ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajeewrote: > Eventing is more asynchronous. We may need synchronous processing for > this. Also we need to control the flow of these handlers depending on the > state of the handler. ex - we may need to do few redirections within a > handler in order to proceed (eg - missing mandatory claim handler.). Hence > I think it's better to go with a specific interface than our handler > architecture. > sorry. Meant to say "Hence I think it's better to go with a specific interface than our eventing architecture.." > > On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe > wrote: > >> Hi Hasintha, >> >> Does this mean that you will be introducing another OSGi service >> interface for post authentication handlers. >> What about using the already available eventing service [1]. >> >> [1] https://github.com/wso2/carbon-identity-framework/blob/ >> master/components/identity-event/org.wso2.carbon. >> identity.event/src/main/java/org/wso2/carbon/identity/ >> event/services/IdentityEventService.java >> >> Thanks, >> Malithi. >> >> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee >> wrote: >> >>> At the present we have post authentication criteria which are evaluated >>> upon authentication in an authentication flow. Examples are "Handling >>> missing mandatory claims" and "Authorization handling". According to the >>> current implementation these logics are bind towards our framework >>> implementation so that if we need to add a new post authentication >>> evaluation criteria, we do not have an alternative other than changing >>> framework source. >>> >>> With emerging requirements we may need to add more post authentication >>> criteria in the future. For an example, we may need to intercept post >>> authentication and request for consent on requested claims. Likewise there >>> may be other requirements to intercept post authentication flow. >>> >>> Foreseeing these requirements we are planing to generalize post >>> authentication handling so that post authentication handling will no longer >>> be a static part of framework. We should be able to add post authentication >>> handlers as OSGI services. Upon this change, missing mandatory claim >>> handler and authorization handler will be two OSGI post authentication >>> handlers. >>> >>> -- >>> Hasintha Indrajee >>> WSO2, Inc. >>> Mobile:+94 771892453 <+94%2077%20189%202453> >>> >>> >> >> >> -- >> >> *Malithi Edirisinghe* >> Associate Technical Lead >> WSO2 Inc. >> >> Mobile : +94 (0) 718176807 >> malit...@wso2.com >> > > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <077%20189%202453> > > -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.
+1 Hasintha.. Have you done a poc on this? Thanks, On Thu, Feb 1, 2018 at 11:50 AM, Hasintha Indrajeewrote: > At the present we have post authentication criteria which are evaluated > upon authentication in an authentication flow. Examples are "Handling > missing mandatory claims" and "Authorization handling". According to the > current implementation these logics are bind towards our framework > implementation so that if we need to add a new post authentication > evaluation criteria, we do not have an alternative other than changing > framework source. > > With emerging requirements we may need to add more post authentication > criteria in the future. For an example, we may need to intercept post > authentication and request for consent on requested claims. Likewise there > may be other requirements to intercept post authentication flow. > > Foreseeing these requirements we are planing to generalize post > authentication handling so that post authentication handling will no longer > be a static part of framework. We should be able to add post authentication > handlers as OSGI services. Upon this change, missing mandatory claim > handler and authorization handler will be two OSGI post authentication > handlers. > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- Regards, *Darshana Gunawardana*Technical Lead WSO2 Inc.; http://wso2.com *E-mail: darsh...@wso2.com * *Mobile: +94718566859*Lean . Enterprise . Middleware ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev