Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update enduser domain and add enduser.pseudo.id #1456

Open
wants to merge 36 commits into
base: main
Choose a base branch
from
Open
Changes from 6 commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
3e1655f
Add authentication to enduser namespace
heyams Oct 7, 2024
6f858a2
Fix yamllint
heyams Oct 7, 2024
07cb1eb
Fix weaver
heyams Oct 7, 2024
ee0970f
Update markdowns
heyams Oct 7, 2024
38d8687
Generate gh issue
heyams Oct 7, 2024
b1cdc13
Fix policies-check and compatibility
heyams Oct 7, 2024
068a822
Update
heyams Oct 22, 2024
e05d7a3
Merge branch 'main' into heya/add-enduser-namespace
heyams Oct 22, 2024
c17bec6
Update changelog
heyams Oct 22, 2024
0fa3ffc
Merge branch 'heya/add-enduser-namespace' of https://github.com/heyam…
heyams Oct 22, 2024
d0e26d5
Update
heyams Oct 22, 2024
614a52e
Fix yamllint
heyams Oct 22, 2024
a499237
Fix
heyams Oct 22, 2024
5bfbfe2
Fix trailing spaces
heyams Oct 22, 2024
5f883d0
Use 'make generate-gh-issue-tempaltes
heyams Oct 23, 2024
13919ed
Update
heyams Nov 22, 2024
272ded3
Merge remote-tracking branch 'upstream/main' into heya/add-enduser-na…
heyams Nov 22, 2024
5c0d6d3
Update
heyams Nov 22, 2024
ff85999
Fix identity not found
heyams Nov 22, 2024
d626e6c
Update
heyams Nov 22, 2024
cb32498
Fix yamllint
heyams Nov 22, 2024
1c53711
Fix backward compat
heyams Nov 22, 2024
51d0c99
Rename enduser.id to enduser.pseudo.id
heyams Dec 10, 2024
5d10c08
Merge remote-tracking branch 'upstream/main' into heya/add-enduser-na…
heyams Dec 10, 2024
949bae8
Update md
heyams Dec 10, 2024
9778890
Update
heyams Dec 10, 2024
23bb6fe
Update attributes.md
heyams Jan 13, 2025
f0623df
Address comments
heyams Jan 13, 2025
435fc1b
Make update
heyams Jan 13, 2025
ca87ccc
Fix yamllint
heyams Jan 13, 2025
2b09f28
Merge remote-tracking branch 'upstream/main' into heya/add-enduser-na…
heyams Jan 23, 2025
2ccbfe3
Update
heyams Jan 23, 2025
10b2e0c
Fix yamllint
heyams Jan 24, 2025
8c89be8
Address comments
heyams Jan 24, 2025
a96ebb3
Update
heyams Jan 24, 2025
e076c4e
Update
heyams Jan 24, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions .chloggen/add_authentication_enduser_subnamespace.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Use this changelog template to create an entry for release notes.
#
# If your change doesn't affect end users you should instead start
# your pull request title with [chore] or use the "Skip Changelog" label.

# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
change_type: enhancement

# The name of the area of concern in the attributes-registry, (e.g. http, cloud, db)
component: enduser

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: introduce subnamespace `enduser.authentication` with new attributes `enduser.authentication.id`, `enduser.authentication.role`, and `enduser.authentication.scope`.

# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
# The values here must be integers.
issues: [1104]

# (Optional) One or more lines of additional information to render under the primary note.
# These lines will be padded with 2 spaces and then inserted directly into the document.
# Use pipe (|) for multiline entries.
subtext: |
The `enduser.authentication` subnamespace is intended to describe the authentication information of the end user.
The new attributes are intended to provide information about the authenticated user in the system,
the role the client is making the request under, and the scopes or granted authorities the client currently possesses.
2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yaml
Original file line number Diff line number Diff line change
@@ -23,6 +23,7 @@ body:
- area:android
- area:artifact
- area:aspnetcore
- area:authentication
- area:aws
- area:azure
- area:browser
@@ -41,6 +42,7 @@ body:
- area:disk
- area:dns
- area:dotnet
- area:enduser
- area:error
- area:event
- area:exception
2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/change_proposal.yaml
Original file line number Diff line number Diff line change
@@ -15,6 +15,7 @@ body:
- area:android
- area:artifact
- area:aspnetcore
- area:authentication
- area:aws
- area:azure
- area:browser
@@ -33,6 +34,7 @@ body:
- area:disk
- area:dns
- area:dotnet
- area:enduser
- area:error
- area:event
- area:exception
2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/new-conventions.yaml
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@ body:
- area:android
- area:artifact
- area:aspnetcore
- area:authentication
- area:aws
- area:azure
- area:browser
@@ -42,6 +43,7 @@ body:
- area:disk
- area:dns
- area:dotnet
- area:enduser
- area:error
- area:event
- area:exception
1 change: 1 addition & 0 deletions docs/attributes-registry/README.md
Original file line number Diff line number Diff line change
@@ -34,6 +34,7 @@ Currently, the following namespaces exist:
- [Android](android.md)
- [Artifact](artifact.md)
- [Aspnetcore](aspnetcore.md)
- [Authentication](authentication.md)
- [AWS](aws.md)
- [Azure](azure.md)
- [Browser](browser.md)
15 changes: 15 additions & 0 deletions docs/attributes-registry/authentication.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<!--- Hugo front matter used to generate the website version of this page:
--->

<!-- NOTE: THIS FILE IS AUTOGENERATED. DO NOT EDIT BY HAND. -->
<!-- see templates/registry/markdown/attribute_namespace.md.j2 -->

# Authentication

## Authentication Attributes
heyams marked this conversation as resolved.
Show resolved Hide resolved

"Describes the authentication information of an authenticated user."

| Attribute | Type | Description | Examples | Stability |
| ------------------- | ------ | --------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- |
| `authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
15 changes: 8 additions & 7 deletions docs/attributes-registry/enduser.md
Original file line number Diff line number Diff line change
@@ -6,12 +6,13 @@

# Enduser

## Deprecated End User Attributes
## End User Attributes

Describes deprecated enduser attributes. Complete enduser namespace has been deprecated
Describes information about the end user, which can be used as a subdomain of browser, client, or user domains.

| Attribute | Type | Description | Examples | Stability |
| --------------- | ------ | ---------------------------------------- | --------------------------- | -------------------------------------------------------------------------------------------------- |
| `enduser.id` | string | Deprecated, use `user.id` instead. | `username` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `user.id` attribute. |
| `enduser.role` | string | Deprecated, use `user.roles` instead. | `admin` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `user.roles` attribute. |
| `enduser.scope` | string | Deprecated, no replacement at this time. | `read:message, write:files` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
| Attribute | Type | Description | Examples | Stability |
| ------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- |
| `authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `enduser.id` | string | Identifier of an end user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `enduser.role` | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `enduser.scope` | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
13 changes: 13 additions & 0 deletions model/authentication/registry.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
groups:
- id: registry.authentication
type: attribute_group
display_name: Authentication Attributes
stability: experimental
brief: >
"Describes the authentication information of an authenticated user."
attributes:
- id: authentication.id
type: string
brief: "Unique identifier of an authenticated user in the system."
examples: [ 'S-1-5-21-202424912787-2692429404-2351956786-1000' ]
stability: experimental
12 changes: 0 additions & 12 deletions model/enduser/deprecated/common.yaml

This file was deleted.

24 changes: 0 additions & 24 deletions model/enduser/deprecated/registry-deprecated.yaml

This file was deleted.

32 changes: 32 additions & 0 deletions model/enduser/registry.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
groups:
- id: registry.enduser
type: attribute_group
display_name: End User Attributes
brief: >
Describes information about the end user, which can be used as a subdomain of browser, client, or user domains.
heyams marked this conversation as resolved.
Show resolved Hide resolved
attributes:
- id: enduser.id
heyams marked this conversation as resolved.
Show resolved Hide resolved
type: string
stability: experimental
heyams marked this conversation as resolved.
Show resolved Hide resolved
brief: >
Identifier of an end user who interacts with a system.
This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system.
examples: ['QdH5CAWJgqVT4rOr0qtumf']
- id: enduser.role
heyams marked this conversation as resolved.
Show resolved Hide resolved
type: string
stability: experimental
brief: 'Actual/assumed role the client is making the request under extracted from token or application security context.'
examples: 'admin'
- id: enduser.scope
heyams marked this conversation as resolved.
Show resolved Hide resolved
type: string
stability: experimental
brief: >
Scopes or granted authorities the client currently possesses extracted from token
or application security context. The value would come from the scope associated
with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3)
or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
examples: 'read:message, write:files'
- ref: authentication.id
heyams marked this conversation as resolved.
Show resolved Hide resolved
stability: experimental
requirement_level:
conditionally_required: if and only if the end user is authenticated.
Loading