Hi Nikil, Good to know someone else is using Apache Isis in Australia, if you need another resource I am in Hobart.
I started to look a two factor authentication via Apache Shiro, maybe an external authentication server/service/product already has the capacity to have separate kinds of authentication for the same user and its just a case of in Apache Isis forcing a reauthentication (using the two level protocol with the external service if the user attempts to access a medical record ? I think its difficult to store and update very complex medical records in a relational database model. Hospital systems make use of specialised databases i read, for performance reasons. So you are looking at a second system to do that well, but that is not to say that Apache Isis cannot have functionality added. Just my two bits. Steve Cameron On Wed, Nov 29, 2017 at 10:13 PM, Nikhil Dhamapurkar < [email protected]> wrote: > Hi Everyone, > > We have a use case where an entity Patient has data with 2 parts. 1) non > confidential details ( like name, last name) & 2) some confidential data > associated with it (like medical records). > > We want to enable a 2 factor Authentication when retrieving the > confidential data when calling ISIS from the REST based swagger API has > someone came across a similar use case ? > > I would like to know if it will be advisable to have apache ISIS own the > Model and have both the details confidential and non confidential as part > of the entity and do validation via ISIS or will be better > To keep the confidential data in an entity/data store outside of apache > ISIS ? > > Application requests → level 1 Authentication → (Gets non confidential > data) → based on the data and encrypted key → sends request to another > source to get confidential data from it. > > OR > > Application Requests → with level 1 and Level 2 access Identifiers→ apache > ISIS Identifies it has both tokens → returns the confidential data as well > in the response. > > Regards > Nikhil > >
