search

icatproject / icat.server

The ICAT server offering both SOAP and "RESTlike" interfaces to a metadata catalog.
Other
1 stars 5 forks source link

Add UserParameters #236

Open antolinos opened 4 years ago

antolinos commented 4 years ago

Today the amount of metadata that can be associated with a user is limited and the fields are basically: name, fullName, email, orcid.

The complete list is: Field Type Description
fullName String [255] May include title
createId String  
createTime Date  
modTime Date  
email String [255] An email address for the user
name String [255] NOT NULL The name of the user to match that provided by the authentication mechanism
modId String  
orcidId String [255] An ORCID iD for the user
Besides, currently the entity User has the following relationships. Card Class Field Cascaded Description
0,* InvestigationUser investigationUsers Yes  
0,* UserGroup userGroups Yes  
0,* InstrumentScientist instrumentScientists Yes  
0,* Study studies Yes  

It would be great to enrich the metadata of a user.

I don't know what will be be the best implementation but I would suggest from my ignorance to add a new entity called UserParameter

UserParameter A parameter associated with a user

Uniqueness constraint user, type

Card Class Field Cascaded Description
1,1 ParameterType type   The type of the parameter
1,1 User user   The associated user

Other fields:

Field Type Description
stringValue String [4000] The value if the parameter is a string
rangeBottom Double The minimum value of the numeric parameter that was observed during the measurement period
createId String  
createTime Date  
modTime Date  
dateTimeValue Date The value if the parameter is a date
modId String  
error Double The error of the numeric parameter
numericValue Double The value if the parameter is numeric
rangeTop Double The maximum value of the numeric parameter that was observed during the measurement period
dfq16044 commented 4 years ago

Could this be potential used for other authentication system other than ldap? For example, a user might have a different username when using OpenID

antolinos commented 4 years ago

Might be. We use LDAP, DB and openID and we have not needed these parameters. However, we would like to enrich the metadata of a user with extra information. Status of the safety training is one of them.

dfq16044 commented 4 years ago

Out of curiosity in all those systems is the user using the same username?

antolinos commented 4 years ago

Not in my case.

RKrahl commented 4 years ago

@dfq16044,

Could this be potential used for other authentication system other than ldap? For example, a user might have a different username when using OpenID

You want to deal with the case that one single user may have different ways to authenticate, such as LDAP and OpenID and you want to always map them to the same user in ICAT, independently of which authentication the user chose, did I understand you correctly? This needs to be solved in the authentication plugin: on successful authentication, the plugin returns a name and the user object having that name attribute will be associated with that login session. It is common practice to configure authentication plugins such that they add a prefix to the name, just to avoid that different plugins may map to the same ICAT user, but this is not required. The best option to solve this, however, would be to deploy a single sign-on plugin that handles all the different authentication methods and is able to properly match the user.

In any case, this unrelated to this issue.

dfq16044 commented 4 years ago

Yes that was the case. I agree with you the best option would be a single sign-on but not sure if all facilities are using it. The idea was that if you don't have single sign-on, you could potentially use the UserParameter.