skip to main |
skip to sidebar
Clinic degrees
Start working in a pharmacy.
============================================================================================================================ Hal, in your view would that be the same for a bulk action? On 1/3/11 1:07 PM, Hal Lockhart wrote: The typical password reset scenario is this: Every user is expected to control an email account which is associated with the userid at registration time. The password reset request causes the password to be set to a random value and marked for single use only (user must change the password after signing in.) The random password is then sent to the email account associated with the userid. The criterion for making this request is often nothing, since the only threat is a mild denial of service. (Mild because the user can be told when he tries to login that his password has been reset and directed to look in his in basket.) It is possible to require answers to questions in order to make this request, but it seems to me that this is going to be an application e.g. HTTP/html flow rather than an SPML one. Hal -----Original Message----- *From:* Gary Cole *Sent:* Monday, December 20, 2010 4:42 PM *To:* Richard Sand *Cc:* OASIS PSTC *Subject:* [provision] Re: ForgotMyPassword (was "Re: [provision] use case for extended password reset capabilities") Richard, I forgot to ask one very important question earlier: What is the actual use-case here? That is, what business problem is the customer trying to solve (by exposing ForgotMyPassword over SPML)? An individual end-user is not typically a requester. (A typical requester is an application or another business-unit, partner or supplier.) The trust-model for an end-user is a little weird, since most end-users would not map to identities with administrative rights in the Provider. The Provider would have to perform authorization (i.e., to scope appropriately the end-user's access to information-objects within the Provider). The trust-model for an UNAUTHENTICATED END-USER is even trickier: since the Provider cannot really trust an unauthenticated user, the Provider must limit very carefully the information that it reveals (lest it provide an attack-point that a program could use to guess passwords). An application that acts as an SPML Requester could support ForgotMyPassword by getting questions and answers from the central server (SPML Provider) securely and then performing secondary authentication (e.g., security Q&A) itself. Once the application confirms the end-user's answers, the application could request from the Provider an administrative setPassword for the end-user. So, then, what is the motivation for a Provider to expose an end-user ForgotMyPassword capability? Is the idea that the customer is trying to centralize not only identity information but also the policies that govern the quality and number of secondary-authentication questions that must be answered by an end-user? On Dec 20, 2010, at 10:23 AM, Gary Cole wrote: This is a good idea. ForgotMyPassword is a very common use-case. We can fuss over the details later. (Because the implicit requestor in this scenario is an unauthented end-user, rather than a proxied administrator, we may want to make this a separate ForgotMyPassword capability. Also, something like the you mentioned may be very useful in correlating challenge-answers with multiple challenge-questions. ) Do we also want a ForgotMyLoginName function? The provider could do a lookup (i.e., search) based on email-address or some other identifier. If the value of the identifier is non-unique, or if the value is not found, we might want to return an error to indicate this, but we'd have to be careful not to give an attacker a tool for guessing email addresses or passwords. As you suggested, some sort of token might be useful. Gary On Dec 20, 2010, at 9:58 AM, Richard Sand wrote: Hi all, IÂ've been promising this for awhileÂ
one of the use cases that weÂ've had multiple clients consider implementing via SPML is for forgotten password reset and/or recovery. Its an example of a use case where we can add some Â"higher levelÂ" capability to SPML so that it supports the identity-management operations that many applications provide, instead of just lower level atomic operations. The existing set and resetPassword operations can be extended to cover forgotten password reset/recovery by adding elements for challenge/response questions and answers, and we can also add an operation for querying for challenge questions for a given PSOID. Some hacked up non-normative examples: What was the color of your first car black Of course there could be multiple challenge elements. The process of challenging for a password reset often requires statefulness over two or more requests, so a generic token element can be used to maintain state. It can also be used for example by captcha mechanism if the PSP wishes to enforce such a mechanism there (as opposed to just leaving it up to the application). A flow could go something like: 1)Request for pwd reset challenge 2)Response with challenge and token xyzH1 What was the color of your first car 3)Request for pwd reset with challenge answers and token xyzH1 What was the color of your first car black There are a lot of ways to express the above with different semantics  I just made those up as ideas. The point is that its flexible and still allows the PSP to determine what the challenge system is that it supports. For example some clients may have Â"bucketsÂ" of questions where the user must select 1 question of out 5 from each of 3 buckets  I can see adding an optional Â"challengeidÂ" attribute of the challenge element to enable the systems to perform multiple challenges in the same transaction for this. The existing (re)setPassword functionality allows for the end user changing their own password by supplying the old password. We could also add an element or perhaps an attribute to the request element that specifies what type of identity is making the request  is it an administrator or is it the end user? But also the notion of request metadata, which is a separate topic altogether, could meet that need. Anyway look forward to your thoughts and comments. But this in general is the kind of thing I want to add to SPML  elements that are specific to higher level IDM functions like self registration, enable/disable of accounts, self-service request access to a role, etc. Thoughts? *Richard Sand*|CEO 239 Kings Highway East|Haddonfield|New Jersey 08033|USA Mobile: +1 267 984 3651|Office: +1 856 795 1722|Fax: +1 856 795 1733 < http://www.skyworthttg.com/ > I am new to JCS and I thought that IndexedDiskCache might be a good way to provide a persistent overflow ability to a queue. I have a need to send messages from one service to another but the receiving service sometimes gets busy and can't handle more incoming messages for a while. I could just keep them in a memory queue but that would impose storage limits and would not survive a shutdown. IndexedDiskCache seems to fit the bill for what I want. All messages would go into the cache, but since most entries would be removed almost immediately by a forwarding thread they would never get written. If the message flow backs up, entries kept in memory would be written to disk automatically. When shutting down, the keys get written as well and the cached items can be made available on startup. Unfortunately, when I tried to learn about the details of the cache I couldn't find any detailed explanation of how it actually works. What's more, there have apparently been quite a few changes in design between 1.3 and 1.3.3.5-RC. I'd like to offer a couple of examples of problems I'm having in hopes that you can educate me (hopefully you won't tell me I'm an idiot for trying this with JCS!). I attempted to do some basic testing of the cache using the 1.3.3.5-RC build but I ran into some problems. I am directly instantiating the cache as follows: IndexedDiskCacheAttributes attrs = new IndexedDiskCacheAttributes(); attrs.setCacheName(CACHE_NAME); attrs.setDiskPath(file.getPath()); cache = new IndexedDiskCache(attrs); One of the first oddities I found is that calling update() adds an entry to the cache but getSize() does not reflect that until later when the item is written to disk. Is getSize() only supposed to report on the number of entries on disk? Shouldn't there be a way to get the number of entries in the cache? Calling doUpdate() directly seems to have the effect I expect (size updated immediately but writes to disk are still delayed) but that method was made protected since 1.3 and can't be used directly anymore. I must not understand the intentions behind X/doX/processX methods but then again, I did say I looked for doc. ;) Another issue is that on restart, the cache reloads the keys from disk but there is no way for the application to find out what keys were cached! I suppose I could hack it out of the keyHash through introspection but that seems like bad form to me. Shouldn't there be some way to iterate over the cache keys? I know I could wrap the cache to keep a parallel set of keys and manage them separately but that would be extremely wasteful. There also doesn't appear to be any way exposed to allow the keys to be periodically flushed to disk (apart from disposing and recreating the cache). This ability would help greatly with persistence in the face of an unexpected termination (e.g., power off). I know I'm trying to use the IndexedDiskCache in a way that is a little bit unusual but I think I've seen some similar ideas in old mailing list posts. It is tantalizing to me because so much of what I want is already there, but I need to work through some difficulties. You advice and instruction is welcome! Stuart --------------------------------------------------------------------- To unsubscribe, e-mail: jcs- ... @jakarta.apache.org For additional commands, e-mail: jcs- ... @jakarta.apache.org