[Yanel-dev] User Properties / IML
Michael Wechner
michael.wechner at wyona.com
Mon Oct 29 15:24:40 CET 2007
Oli Kessler wrote:
>>>
>>> - account expiration
>>
>>
>> I guess this should only be configurable by some "administrator",
>> right?
>> Please note that Yanel doesn't have a dedicated administrator
>> account and this would rather be protected by some policy and
>> appropriate usecase.
>
>
> Yes, access to this field must be granted to the administrator only.
> A suitable protection scheme must exists - can we borrow something
> from an existing usecase here?
maybe we can extend the yanel-user resource somehow resp. somehow use
the usecases framework by Josias by introducing a usecase
"edit-expire-date".
It also means we should extend the security API
Date User.getExpireDate()
void User.setExpireDate(Date date)
ok?
>
>
>>
>>> - homepage (default page after login)
>>
>>
>>
>> if this not being set, how should the default be? It seems to me we
>> have to options:
>>
>> - the originally requested URL
>> - a realm specific default page
>
>
> Full ack. I'd prefer a solution with the following priorities for the
> initial reponse after successfull authentication, given the settings
> exist:
> - user's home page
I guess this means we need to enhance the Realm API (and not the user,
because the security has no clue about Realms)
String Realm.getHomepage(User user)
void Realm.setHomepage(User user, String homepage)
> - realm's default page
> - original request
>
> This will allow for most scenarios. If the user can configure his
> homepage (and I'd very much support this), we can however not force a
> default page on the initial request as the user's setting overwrite
> the realm's configuration - is there a way to enable/disable such a
> feature in a realm-wide context?
you mean like a welcome page (?), but doesn't that mean the realm's
default page is actually obsolete?
If we want to implement a welcome page which can be personalized, then I
guess we should also enhance the Realm API
String Realm.getWelcomePage(User user)
void Realm.setWelcomePage(User user, String welcomePage)
and for realm-wide resp. aggregration of "global" with personalized we
would need
String Realm.getWelcomePage()
void Realm.setWelcomePage(String welcomePage)
but I am note sure if this makes re sense aggregation (XHTML snippets,
images pathes, ...)
Another possibility is to move this into the custom config (see below)
>
>
>>
>>> - last login (date, to be written on successfull login)
>>
>>
>>
>> wouldn't it make sense to keep the whole history (also with
>> additional info, such as machine (whereas this might not make sense
>> behind a proxy ...)
>
>
> If the repository permits it, why not? However, I see currently no
> usecase for an unlimited login history - my initial idea was just to
> inform the user about it on successfull login (like the info you get
> on a unix shell login).
ok, so let's drop it for the moment ;-) We can always enhance, hopefully :-)
I think it's important to note, that this also rather belongs to a
realm, than to the user (I mean API wise)
>
> Another usecase which would use similar data is account locking based
> on some number of failed logins - a limited history would be
> enough (the locking threshold) but instead of successfull logins, all
> login attempts must be stored. My example below has mentioned this in
> the custom properties somewhat more primitive with a failed login count.
>
>>
>>>
>>> Also, a facility to write application specific, custom properties
>>> to the user object would be very helpful.
>>>
>>> We'd thus like to extend the current IML like this:
>>>
>>> <identity id="foo" xmlns="http://www.wyona.org/security/1.0">
>>> <name>Foo Account</name>
>>> <description>Bars</description>
>>> <email>foo at bar.com</email>
>>> <password type="md5">xxx</password>
>>>
>>> <expire date="2007-12-24T00:00:00"/>
>>> <hompage>/en/topics/dashboard.html</homepage>
>>> <lastLogin date="2007-10-26T16:34:22"/>
>>>
>>> <custom:properties xmlns:custom="http://www.foobar.com/yanel/
>>> security/1.0">
>>> <custom:locked>false</custom:lock>
>>> <custom:failedLogins>7</custom:failedLogins>
>>> <custom:welcomePage>/en/global/motd.html</custom:welcomePage>
>>> </custom:properties>
>>> </identity>
>>
>>
>>
>> sounds good to me, whereas I guess it would make sense to implement
>> this within the API whereas a DOM would be returned.
>
>
> Yes, a custom implementation can interpret the data in the DOM block.
so the API would like
Document User.getCustomConfiguration()
void User.setCustomConfiguration(Document config)
WDYT?
Michi
>
> Cheers,
> -ok
>
> --
> ncode solutions gmbh
> http://www.ncode.ch
>
> tel +41 43 817 01 88
> fax +41 43 817 02 88
> Zurich / Switzerland
>
>
> _______________________________________________
> Yanel-development mailing list
> Yanel-development at wyona.com
> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
--
Michael Wechner
Wyona - Open Source Content Management - Yanel, Yulup
http://www.wyona.com
michael.wechner at wyona.com, michi at apache.org
+41 44 272 91 61
More information about the Yanel-development
mailing list