Post by ratagupt on Feb 28, 2019 14:44:24 GMT
In the Account Schema, the following properties are read-only.
======================================================
MaxPasswordLength
    description "The maximum password length for this service."
    longDescription "This property shall reference the maximum password length that the implementation will allow a password to be set to."
    minimum 0
    readonly true
    type "integer"
MinPasswordLength
    description "The minimum password length for this service."
    longDescription "This property shall reference the minimum password length that the implementation will allow a password to be set to."
    minimum 0
    readonly true
    type
=======================================================
Why are they read-only? These password policies should be configurable at runtime.
Ratan
Post by ratagupt on Jun 27, 2019 2:41:50 GMT
Hi Jeff,
Are we planning to include the above requirement in the schema?
One more requirement related to passwords: can we include a configurable password regex?
Ratan
Post by mraineri on Jul 2, 2019 19:04:21 GMT
Historically speaking, MaxPasswordLength and MinPasswordLength have usually been implementation specific and not necessarily a configurable item. However, things like this I can see as being configurable in some cases, and we can raise this in the group for further discussion.
As far as adding a regex pattern for password requirements, I'd be concerned about interoperability of expressing that string generically across multiple implementations. It seems like the string itself can be complex and might not be easy for humans to enter.
Post by ratagupt on Jul 3, 2019 11:48:02 GMT
> Historically speaking, MaxPasswordLength and MinPasswordLength have usually been implementation specific and not necessarily a configurable item. However, things like this I can see as being configurable in some cases, and we can raise this in the group for further discussion.
> As far as adding a regex pattern for password requirements, I'd be concerned about interoperability of expressing that string generically across multiple implementations. It seems like the string itself can be complex and might not be easy for humans to enter.
Hi Mike,
Thanks for the reply. I was thinking the admin could enforce a strict password policy by configuring the regex.
Another idea: can we have a property which says that an old password shouldn't be allowed for n number of times?
Ratan
Post by ratagupt on Jul 11, 2019 5:37:43 GMT
Hi Mike,
Does it make sense to have an option to configure the password policy?
E.g.: an old password shouldn't be allowed for n number of times? A password should have at least one uppercase letter or some special characters.
Post by mraineri on Jul 11, 2019 12:08:15 GMT
Yeah, I understand the request. I'll bring this up in the group for further discussion along with the other requests.