Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Hasintha Indrajee]

On Fri, Feb 2, 2018 at 8:00 AM, Isura Karunaratne  wrote:

>
>
> On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee 
> wrote:
>
>> Eventing is more asynchronous. We may need synchronous processing for
>> this. Also we need to control the flow of these handlers depending on the
>> state of the handler. ex - we may need to do few redirections within a
>> handler in order to proceed (eg - missing mandatory claim handler.). Hence
>> I think it's better to go with a specific interface than our handler
>> architecture.
>>
>
> Eventing can be synchronous as well. Since we need to handle redirections
> +1 to go with a specfic interface design.
>
Our current eventing framework does not have synchronous support AFAIK

>
> Thanks
> Isura.
>
>>
>> On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe 
>> wrote:
>>
>>> Hi Hasintha,
>>>
>>> Does this mean that you will be introducing another OSGi service
>>> interface for post authentication handlers.
>>> What about using the already available eventing service [1].
>>>
>>> [1] https://github.com/wso2/carbon-identity-framework/blob/m
>>> aster/components/identity-event/org.wso2.carbon.identity.
>>> event/src/main/java/org/wso2/carbon/identity/event/
>>> services/IdentityEventService.java
>>>
>>> Thanks,
>>> Malithi.
>>>
>>> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee 
>>> wrote:
>>>
 At the present we have post authentication criteria which are evaluated
 upon authentication in an authentication flow. Examples are "Handling
 missing mandatory claims" and "Authorization handling". According to the
 current implementation these logics are bind towards our framework
 implementation so that if we need to add a new post authentication
 evaluation criteria, we do not have an alternative other than changing
 framework source.

 With emerging requirements we may need to add more post authentication
 criteria in the future. For an example, we may need to intercept post
 authentication and request for consent on requested claims. Likewise there
 may be other requirements to intercept post authentication flow.

 Foreseeing these requirements we are planing to generalize post
 authentication handling so that post authentication handling will no longer
 be a static part of framework. We should be able to add post authentication
 handlers as OSGI services. Upon this change, missing mandatory claim
 handler and authorization handler will be two OSGI post authentication
 handlers.

 --
 Hasintha Indrajee
 WSO2, Inc.
 Mobile:+94 771892453 <+94%2077%20189%202453>


>>>
>>>
>>> --
>>>
>>> *Malithi Edirisinghe*
>>> Associate Technical Lead
>>> WSO2 Inc.
>>>
>>> Mobile : +94 (0) 718176807
>>> malit...@wso2.com
>>>
>>
>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>


-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Isura Karunaratne]

On Fri, Feb 2, 2018 at 10:07 AM, Hasintha Indrajee 
wrote:

>
> On Fri, Feb 2, 2018 at 8:00 AM, Isura Karunaratne  wrote:
>
>>
>>
>> On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee 
>> wrote:
>>
>>> Eventing is more asynchronous. We may need synchronous processing for
>>> this. Also we need to control the flow of these handlers depending on the
>>> state of the handler. ex - we may need to do few redirections within a
>>> handler in order to proceed (eg - missing mandatory claim handler.). Hence
>>> I think it's better to go with a specific interface than our handler
>>> architecture.
>>>
>>
>> Eventing can be synchronous as well. Since we need to handle
>> redirections +1 to go with a specfic interface design.
>>
> Our current eventing framework does not have synchronous support AFAIK
>
It can be sync or assync depending on the handler implemenation. [1]

[1]
https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java#L56

Thanks
Isura.

>
>> Thanks
>> Isura.
>>
>>>
>>> On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe 
>>> wrote:
>>>
 Hi Hasintha,

 Does this mean that you will be introducing another OSGi service
 interface for post authentication handlers.
 What about using the already available eventing service [1].

 [1] https://github.com/wso2/carbon-identity-framework/blob/m
 aster/components/identity-event/org.wso2.carbon.identity.eve
 nt/src/main/java/org/wso2/carbon/identity/event/services/
 IdentityEventService.java

 Thanks,
 Malithi.

 On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee 
 wrote:

> At the present we have post authentication criteria which are
> evaluated upon authentication in an authentication flow. Examples are
> "Handling missing mandatory claims" and "Authorization handling". 
> According
> to the current implementation these logics are bind towards our framework
> implementation so that if we need to add a new post authentication
> evaluation criteria, we do not have an alternative other than changing
> framework source.
>
> With emerging requirements we may need to add more post authentication
> criteria in the future. For an example, we may need to intercept post
> authentication and request for consent on requested claims. Likewise there
> may be other requirements to intercept post authentication flow.
>
> Foreseeing these requirements we are planing to generalize post
> authentication handling so that post authentication handling will no 
> longer
> be a static part of framework. We should be able to add post 
> authentication
> handlers as OSGI services. Upon this change, missing mandatory claim
> handler and authorization handler will be two OSGI post authentication
> handlers.
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


 --

 *Malithi Edirisinghe*
 Associate Technical Lead
 WSO2 Inc.

 Mobile : +94 (0) 718176807
 malit...@wso2.com

>>>
>>>
>>>
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>>
>>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810 <077%20225%204810>
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Isura Karunaratne]

On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee  wrote:

> Eventing is more asynchronous. We may need synchronous processing for
> this. Also we need to control the flow of these handlers depending on the
> state of the handler. ex - we may need to do few redirections within a
> handler in order to proceed (eg - missing mandatory claim handler.). Hence
> I think it's better to go with a specific interface than our handler
> architecture.
>

Eventing can be synchronous as well. Since we need to handle redirections
+1 to go with a specfic interface design.

Thanks
Isura.

>
> On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe 
> wrote:
>
>> Hi Hasintha,
>>
>> Does this mean that you will be introducing another OSGi service
>> interface for post authentication handlers.
>> What about using the already available eventing service [1].
>>
>> [1] https://github.com/wso2/carbon-identity-framework/blob/
>> master/components/identity-event/org.wso2.carbon.
>> identity.event/src/main/java/org/wso2/carbon/identity/
>> event/services/IdentityEventService.java
>>
>> Thanks,
>> Malithi.
>>
>> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee 
>> wrote:
>>
>>> At the present we have post authentication criteria which are evaluated
>>> upon authentication in an authentication flow. Examples are "Handling
>>> missing mandatory claims" and "Authorization handling". According to the
>>> current implementation these logics are bind towards our framework
>>> implementation so that if we need to add a new post authentication
>>> evaluation criteria, we do not have an alternative other than changing
>>> framework source.
>>>
>>> With emerging requirements we may need to add more post authentication
>>> criteria in the future. For an example, we may need to intercept post
>>> authentication and request for consent on requested claims. Likewise there
>>> may be other requirements to intercept post authentication flow.
>>>
>>> Foreseeing these requirements we are planing to generalize post
>>> authentication handling so that post authentication handling will no longer
>>> be a static part of framework. We should be able to add post authentication
>>> handlers as OSGI services. Upon this change, missing mandatory claim
>>> handler and authorization handler will be two OSGI post authentication
>>> handlers.
>>>
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>>
>>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Hasintha Indrajee]

Eventing is more asynchronous. We may need synchronous processing for this.
Also we need to control the flow of these handlers depending on the state
of the handler. ex - we may need to do few redirections within a handler in
order to proceed (eg - missing mandatory claim handler.). Hence I think
it's better to go with a specific interface than our handler architecture.

On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe 
wrote:

> Hi Hasintha,
>
> Does this mean that you will be introducing another OSGi service interface
> for post authentication handlers.
> What about using the already available eventing service [1].
>
> [1] https://github.com/wso2/carbon-identity-framework/
> blob/master/components/identity-event/org.wso2.carbon.identity.event/src/
> main/java/org/wso2/carbon/identity/event/services/
> IdentityEventService.java
>
> Thanks,
> Malithi.
>
> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee 
> wrote:
>
>> At the present we have post authentication criteria which are evaluated
>> upon authentication in an authentication flow. Examples are "Handling
>> missing mandatory claims" and "Authorization handling". According to the
>> current implementation these logics are bind towards our framework
>> implementation so that if we need to add a new post authentication
>> evaluation criteria, we do not have an alternative other than changing
>> framework source.
>>
>> With emerging requirements we may need to add more post authentication
>> criteria in the future. For an example, we may need to intercept post
>> authentication and request for consent on requested claims. Likewise there
>> may be other requirements to intercept post authentication flow.
>>
>> Foreseeing these requirements we are planing to generalize post
>> authentication handling so that post authentication handling will no longer
>> be a static part of framework. We should be able to add post authentication
>> handlers as OSGI services. Upon this change, missing mandatory claim
>> handler and authorization handler will be two OSGI post authentication
>> handlers.
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>
>>
>
>
> --
>
> *Malithi Edirisinghe*
> Associate Technical Lead
> WSO2 Inc.
>
> Mobile : +94 (0) 718176807
> malit...@wso2.com
>



-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Hasintha Indrajee]

At the present we have post authentication criteria which are evaluated
upon authentication in an authentication flow. Examples are "Handling
missing mandatory claims" and "Authorization handling". According to the
current implementation these logics are bind towards our framework
implementation so that if we need to add a new post authentication
evaluation criteria, we do not have an alternative other than changing
framework source.

With emerging requirements we may need to add more post authentication
criteria in the future. For an example, we may need to intercept post
authentication and request for consent on requested claims. Likewise there
may be other requirements to intercept post authentication flow.

Foreseeing these requirements we are planing to generalize post
authentication handling so that post authentication handling will no longer
be a static part of framework. We should be able to add post authentication
handlers as OSGI services. Upon this change, missing mandatory claim
handler and authorization handler will be two OSGI post authentication
handlers.

-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Malithi Edirisinghe]

Hi Hasintha,

Does this mean that you will be introducing another OSGi service interface
for post authentication handlers.
What about using the already available eventing service [1].

[1]
https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventService.java

Thanks,
Malithi.

On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee  wrote:

> At the present we have post authentication criteria which are evaluated
> upon authentication in an authentication flow. Examples are "Handling
> missing mandatory claims" and "Authorization handling". According to the
> current implementation these logics are bind towards our framework
> implementation so that if we need to add a new post authentication
> evaluation criteria, we do not have an alternative other than changing
> framework source.
>
> With emerging requirements we may need to add more post authentication
> criteria in the future. For an example, we may need to intercept post
> authentication and request for consent on requested claims. Likewise there
> may be other requirements to intercept post authentication flow.
>
> Foreseeing these requirements we are planing to generalize post
> authentication handling so that post authentication handling will no longer
> be a static part of framework. We should be able to add post authentication
> handlers as OSGI services. Upon this change, missing mandatory claim
> handler and authorization handler will be two OSGI post authentication
> handlers.
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 

*Malithi Edirisinghe*
Associate Technical Lead
WSO2 Inc.

Mobile : +94 (0) 718176807
malit...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Hasintha Indrajee]

On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee  wrote:

> Eventing is more asynchronous. We may need synchronous processing for
> this. Also we need to control the flow of these handlers depending on the
> state of the handler. ex - we may need to do few redirections within a
> handler in order to proceed (eg - missing mandatory claim handler.). Hence
> I think it's better to go with a specific interface than our handler
> architecture.
>

sorry. Meant to say "Hence I think it's better to go with a specific
interface than our eventing architecture.."

>
> On Thu, Feb 1, 2018 at 1:36 PM, Malithi Edirisinghe 
> wrote:
>
>> Hi Hasintha,
>>
>> Does this mean that you will be introducing another OSGi service
>> interface for post authentication handlers.
>> What about using the already available eventing service [1].
>>
>> [1] https://github.com/wso2/carbon-identity-framework/blob/
>> master/components/identity-event/org.wso2.carbon.
>> identity.event/src/main/java/org/wso2/carbon/identity/
>> event/services/IdentityEventService.java
>>
>> Thanks,
>> Malithi.
>>
>> On Thu, Feb 1, 2018 at 6:20 AM, Hasintha Indrajee 
>> wrote:
>>
>>> At the present we have post authentication criteria which are evaluated
>>> upon authentication in an authentication flow. Examples are "Handling
>>> missing mandatory claims" and "Authorization handling". According to the
>>> current implementation these logics are bind towards our framework
>>> implementation so that if we need to add a new post authentication
>>> evaluation criteria, we do not have an alternative other than changing
>>> framework source.
>>>
>>> With emerging requirements we may need to add more post authentication
>>> criteria in the future. For an example, we may need to intercept post
>>> authentication and request for consent on requested claims. Likewise there
>>> may be other requirements to intercept post authentication flow.
>>>
>>> Foreseeing these requirements we are planing to generalize post
>>> authentication handling so that post authentication handling will no longer
>>> be a static part of framework. We should be able to add post authentication
>>> handlers as OSGI services. Upon this change, missing mandatory claim
>>> handler and authorization handler will be two OSGI post authentication
>>> handlers.
>>>
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>>
>>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <077%20189%202453>
>
>


-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

[Darshana Gunawardana]

+1 Hasintha.. Have you done a poc on this?

Thanks,

On Thu, Feb 1, 2018 at 11:50 AM, Hasintha Indrajee 
wrote:

> At the present we have post authentication criteria which are evaluated
> upon authentication in an authentication flow. Examples are "Handling
> missing mandatory claims" and "Authorization handling". According to the
> current implementation these logics are bind towards our framework
> implementation so that if we need to add a new post authentication
> evaluation criteria, we do not have an alternative other than changing
> framework source.
>
> With emerging requirements we may need to add more post authentication
> criteria in the future. For an example, we may need to intercept post
> authentication and request for consent on requested claims. Likewise there
> may be other requirements to intercept post authentication flow.
>
> Foreseeing these requirements we are planing to generalize post
> authentication handling so that post authentication handling will no longer
> be a static part of framework. We should be able to add post authentication
> handlers as OSGI services. Upon this change, missing mandatory claim
> handler and authorization handler will be two OSGI post authentication
> handlers.
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev