From 9e585901a4d94148bd6a346a6eea4bd2fb2142d6 Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Mon, 15 Jun 2020 17:21:43 +0200 Subject: [PATCH] Behavioral data schema for focus --- .../xml/ns/public/common/common-core-3.xsd | 134 ++++++++++++------ 1 file changed, 89 insertions(+), 45 deletions(-) diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd index db7ce60d2e8..cb2dbe0ea6c 100755 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd @@ -4745,6 +4745,15 @@ + + + + FocusType.behavior + 4.2 + + + + @@ -5105,7 +5114,7 @@ This is a container type for various credentials types: passwords, public keys, one-time password scheme identifiers, etc. However, we expect that password will be the most widely used credential - type and that's actually also the only supported type. + type. The reason to "formalize" this structure is the ability to synchronize credentials. If the password would be just an ordinary attribute, we cannot automatically synchronize user and account passwords. @@ -5113,10 +5122,6 @@ Note: marking password with a special attribute type will not be enough. There may be numerous passwords with various meanings, we need to distinguish the "primary" one to synchronize. We also need to store user password somewhere. - - This is not perfect. It may change in the future. - - TODO: support for "old password", e.g. some resource need it to change password. 
@@ -5144,35 +5149,46 @@ - + - + + + General-purpose behavioral data. + In a more specific meaning: behavioral data of an agent (user or system), usually represented in midPoint by focus. + This data structure records informational data about the agent's behavior, such as authentications, interaction with systems and so on. + Such data are inherently _observed_, e.g. they are not configured by the user. + + 4.2 - - - - Name of the credential. It is used as an identifier that - specifies credential purpose. E.g. it may specify whether - this is default user password or administration password, - whether this is a nonce for registration or password reset - and so on. Simply speaking the name is used to distinguish - credentials that have the same type but different purpose. - - - true - - + + + + + + + + + + Behavioral data about past authentications. + + + + 4.2 + + + 
@@ -5219,37 +5235,65 @@ - - - - Timestamps and general metadata describing the credential change. - - - true - - - - - - - If it is required to change password. E.g. there are situation when you set first password - for the user, but after the user fist log in to the system, he/she has to change his/her password. - - - AbstractCredentialType.forceChange - true - 3.6 - - - + + + + + + + + + + + + + Name of the credential. It is used as an identifier that + specifies credential purpose. E.g. it may specify whether + this is default user password or administration password, + whether this is a nonce for registration or password reset + and so on. Simply speaking the name is used to distinguish + credentials that have the same type but different purpose. + + + + + + + Timestamps and general metadata describing the credential change. + + + true + + + + + + + If it is required to change password. E.g. there are situation when you set first password + for the user, but after the user fist log in to the system, he/she has to change his/her password. + + + AbstractCredentialType.forceChange + true + 3.6 + + + + + + + + + +
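Review bot: the new FocusType.behavior item in the hunk at @@ -4745,6 +4745,15 @@ shows only its name and the 4.2 marker, with no documentation text of its own in the visible lines. A one-sentence description here (what the item holds, and that it is observed rather than configured, as the later hunk says of behavioral data) would let a reader of FocusType understand it without following the type reference.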
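Review bot: missing rationale for the documentation change in the hunk at @@ -5105,7 +5114,7 @@: it drops the statement that password is "actually also the only supported type" and the TODO about "old password" support, while the commit subject only mentions the behavioral data schema. If other credential types are now supported and the old-password case is handled or tracked elsewhere, say so in the commit message; otherwise keep the two statements, since this text is where a reader learns which credential types are supported.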
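Review bot: wording in the added documentation in the hunk at @@ -5144,35 +5149,46 @@: "Such data are inherently _observed_, e.g. they are not configured by the user" uses "e.g." where "i.e." is meant, since not being user-configured is what observed means here rather than one example of it. "Behavioral data about past authentications" could also say which facts are recorded, because a reader deciding how to protect this item needs to know the extent of the authentication history kept on the focus.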
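Review bot: the relocated "Name of the credential" documentation in the hunk at @@ -5219,37 +5235,65 @@ is no longer followed by the "true" value that followed it in the lines removed at @@ -5144,35 +5149,46 @@, while the metadata and forceChange blocks keep theirs. Confirm that dropping it is intended. Since the text is being moved anyway, "there are situation" and "fist log in" in the forceChange description can be corrected in the same change.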