search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
741 stars 719 forks source link

Multi-region deployment to achieve regulatory compliance for WSO2 Identity Server #15459

Open ashensw opened 1 year ago

ashensw commented 1 year ago

An enterprise must adhere to regional regulatory compliance requirements, such as regionally hosted data and services. For example, GDPR has requirements for storing sensitive user information within the region the user is in.

  1. Users log in to a domain-qualified application name and, based on that application, will route the traffic to the respective region and perform authentication.
  2. Users should be able to register through a common domain into a specific region. The user should be able to log in from different regional applications other than the user who got registered. ( Ex. the User onboard through .com website and then user login into the .co.uk domain website)
  3. Users should be able to register through a common domain into a specific region. The user should be able to log in from different physical regions other than the user got signup/registered (Assume we can process data in other regions)

    User onboard through common/shared Saas app to Germany User travel to the US and try to login to the SaaS app Saas App uses a discovery service to find the region and route to the respective region (German) for authentication

Need to validate the feasibility and provide a guide with the impact on the product scenarios, including any data loss information.

Sachin-Mamoru commented 1 year ago

Initial Design Document - [OnPrem] [Design-outline] Multi-region deployment to achieve regulatory compliance for IS

Proposed Solution The following solutions were identified for resolving the user region during login:

  1. Through user input - By getting the user resident region as user input.
image
  1. Through region resolver - Resolve the user region without user input.
image
DMHP commented 9 months ago

@ashendes Please update the progress here.

ashendes commented 9 months ago

@DMHP progress updates were moved to the iam-engineering issue.

aaujayasena commented 9 months ago

@ashendes is this plan to deliver with the IS 7.0.0. If not shall we update this in new dashboard https://github.com/orgs/wso2/projects/97/views/1 with proper status.

ashendes commented 9 months ago

@aaujayasena this task is on-hold for the moment. I have removed it from the IS 7.0.0 board until further internal discussions.