> This 211945 is, I believe, the resolution to the thread started by SergeyL.

Really, #211945 concerns only the JNDI CP implementation, but we proposed to make changes to IdAS interfaces.
The main proposals are:
1. separate user data from IdAS data (from user account data like username/password, PPID hash etc.);
2. add some methods to IdAS (more likely to IContext) to be able to manage user accounts;
3. (optional) simplify/standardize user credentials management.
Now the same digital subject contains both user data attributes (profile data, for example) and the "#cardKeyHash" attribute (contains PPID hash and is used for authentication with self-signed card). We think we need to have some "user account" structure (IUserAccount in my proposal), which will contain authentication materials of user. Maybe it can be a DigitalSubject instance, if Jim insists on this, but there should be some conditions/rules for such a structure (one instance per user account, some default attributes like username/password/ppid hash, etc.).