[IAM][New Feature] Claim Transformation for Provisioning Use Cases

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[IAM][New Feature] Claim Transformation for Provisioning Use Cases

Johann Nallathamby
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: [IAM][New Feature] Claim Transformation for Provisioning Use Cases

Ruwan Abeykoon
+1 for the technical solution.


Cheers,
Ruwan

On Wed, Feb 20, 2019 at 1:17 PM Johann Nallathamby <[hidden email]> wrote:
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg




_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: [IAM][New Feature] Claim Transformation for Provisioning Use Cases

Darshana Gunawardana
Hi Johann,

If we are considering a provisioning scenarios in a authentication flow (JIT flows), we should be able use scripting capabilities in adaptive authentication to inject\modify a claim with transformation.

For the pure provisioning flows, +1 to come up with some mechanism.

Thanks,

On Wed, Feb 20, 2019 at 1:29 PM Ruwan Abeykoon <[hidden email]> wrote:
+1 for the technical solution.


Cheers,
Ruwan

On Wed, Feb 20, 2019 at 1:17 PM Johann Nallathamby <[hidden email]> wrote:
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg





--
Regards,

Darshana Gunawardana
Technical Lead
WSO2 Inc.; http://wso2.com
E-mail: [hidden email]
Mobile: +94718566859
Lean . Enterprise . Middleware


_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: [IAM][New Feature] Claim Transformation for Provisioning Use Cases

Prabath Siriwardena
I think we need to keep all complex provisioning logic outside IS as much as possible. Not only transformation, but even reliable delivery.  IMO we can think about how microESB fits into these use cases.

Thanks & Regards
-Prabath

On Wed, Feb 20, 2019 at 1:09 AM Darshana Gunawardana <[hidden email]> wrote:
Hi Johann,

If we are considering a provisioning scenarios in a authentication flow (JIT flows), we should be able use scripting capabilities in adaptive authentication to inject\modify a claim with transformation.

For the pure provisioning flows, +1 to come up with some mechanism.

Thanks,

On Wed, Feb 20, 2019 at 1:29 PM Ruwan Abeykoon <[hidden email]> wrote:
+1 for the technical solution.


Cheers,
Ruwan

On Wed, Feb 20, 2019 at 1:17 PM Johann Nallathamby <[hidden email]> wrote:
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg





--
Regards,

Darshana Gunawardana
Technical Lead
WSO2 Inc.; http://wso2.com
E-mail: [hidden email]
Mobile: +94718566859
Lean . Enterprise . Middleware



--
Thanks & Regards,
Prabath




_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: [IAM][New Feature] Claim Transformation for Provisioning Use Cases

gayan gunawardana-3
In reply to this post by Darshana Gunawardana


On Wed, Feb 20, 2019 at 2:40 PM Darshana Gunawardana <[hidden email]> wrote:
Hi Johann,

If we are considering a provisioning scenarios in a authentication flow (JIT flows), we should be able use scripting capabilities in adaptive authentication to inject\modify a claim with transformation.
This is great.. Is there any sample or javascript api to manipulate cliams ?

For the pure provisioning flows, +1 to come up with some mechanism.

Thanks,

On Wed, Feb 20, 2019 at 1:29 PM Ruwan Abeykoon <[hidden email]> wrote:
+1 for the technical solution.


Cheers,
Ruwan

On Wed, Feb 20, 2019 at 1:17 PM Johann Nallathamby <[hidden email]> wrote:
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg





--
Regards,

Darshana Gunawardana
Technical Lead
WSO2 Inc.; http://wso2.com
E-mail: [hidden email]
Mobile: +94718566859
Lean . Enterprise . Middleware

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


--
Gayan

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: [IAM][New Feature] Claim Transformation for Provisioning Use Cases

Ruwan Abeykoon
Hi Gayan,
You could use [1]. Example [2]
"user.localClaims[“<local_claim_url>”] : (Read/Write) "

e.g.

var dateOfBirthClaim = 'http://wso2.org/claims/dob';
var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];

Can Write to claims
context.currentKnownSubject.localClaims['http://wso2.org/claims/fullname'] = 'Jone Doe';

On Mon, Mar 11, 2019 at 12:12 PM gayan gunawardana <[hidden email]> wrote:


On Wed, Feb 20, 2019 at 2:40 PM Darshana Gunawardana <[hidden email]> wrote:
Hi Johann,

If we are considering a provisioning scenarios in a authentication flow (JIT flows), we should be able use scripting capabilities in adaptive authentication to inject\modify a claim with transformation.
This is great.. Is there any sample or javascript api to manipulate cliams ?

For the pure provisioning flows, +1 to come up with some mechanism.

Thanks,

On Wed, Feb 20, 2019 at 1:29 PM Ruwan Abeykoon <[hidden email]> wrote:
+1 for the technical solution.


Cheers,
Ruwan

On Wed, Feb 20, 2019 at 1:17 PM Johann Nallathamby <[hidden email]> wrote:
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg





--
Regards,

Darshana Gunawardana
Technical Lead
WSO2 Inc.; http://wso2.com
E-mail: [hidden email]
Mobile: +94718566859
Lean . Enterprise . Middleware

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


--
Gayan


--
Ruwan Abeykoon
Associate Director/Architect,
WSO2, Inc. http://wso2.com 
lean.enterprise.middleware.


_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: [IAM][New Feature] Claim Transformation for Provisioning Use Cases

gayan gunawardana-3


On Mon, Mar 11, 2019 at 12:28 PM Ruwan Abeykoon <[hidden email]> wrote:
Hi Gayan,
You could use [1]. Example [2]
"user.localClaims[“<local_claim_url>”] : (Read/Write) "

e.g.

var dateOfBirthClaim = 'http://wso2.org/claims/dob';
var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];

Can Write to claims
context.currentKnownSubject.localClaims['http://wso2.org/claims/fullname'] = 'Jone Doe';
Thanks a lot for Information 

Cheers,
Ruwan

On Mon, Mar 11, 2019 at 12:12 PM gayan gunawardana <[hidden email]> wrote:


On Wed, Feb 20, 2019 at 2:40 PM Darshana Gunawardana <[hidden email]> wrote:
Hi Johann,

If we are considering a provisioning scenarios in a authentication flow (JIT flows), we should be able use scripting capabilities in adaptive authentication to inject\modify a claim with transformation.
This is great.. Is there any sample or javascript api to manipulate cliams ?

For the pure provisioning flows, +1 to come up with some mechanism.

Thanks,

On Wed, Feb 20, 2019 at 1:29 PM Ruwan Abeykoon <[hidden email]> wrote:
+1 for the technical solution.


Cheers,
Ruwan

On Wed, Feb 20, 2019 at 1:17 PM Johann Nallathamby <[hidden email]> wrote:
IAM Team,

I don't intend to talk about the importance of the claim transformations during provisioning use cases. Currently to support such cases, we propose to write custom provisioning connectors or JIT provisioning handlers. However, I was thinking it would be slick to have a scripting editor similar to the adaptive authentication one we have, so that users can code their transformations in java script before doing the provisioning.

Most of these requirements probably could be satisfied if we bring in a micro service/ESB and transform the data that is received by IS. But then,
1. Deployment gets complex
2. Claim transformation requirements are common, so it makes sense to have the capability within IS itself.

Is this something that we can prioritize as an intern project?

Your thoughts are appreciated.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [hidden email]
Signature.jpg





--
Regards,

Darshana Gunawardana
Technical Lead
WSO2 Inc.; http://wso2.com
E-mail: [hidden email]
Mobile: +94718566859
Lean . Enterprise . Middleware

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


--
Gayan


--
Ruwan Abeykoon
Associate Director/Architect,
WSO2, Inc. http://wso2.com 
lean.enterprise.middleware.



--
Gayan

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture