Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Child pages
  • Identifier Validation
Skip to end of metadata
Go to start of metadata

Overview

By default, COmanage Registry accepts identifiers of any format, as long as they are unique for a given type within a CO. That is, two CO People within the same CO may not have the same identifier of the same type. (Identifier Assignment will, however, only create identifiers of the format specified.)

As of v2.0.0, Identifier Validation Plugins allow for additional validation to take place. Supported use cases include

  • Extending availability checks beyond the Registry database. This is useful to (eg) prevent assignment of identifiers that conflict with identifiers managed by other systems, such as email aliases.
  • Verifying that a new identifier does not violate restrictions on formats imposed by integrated systems.

Configuration

Plugins must be instantiated (CO >> Configuration >> Identifier Validators) by attaching them to the type of identifier to be validated. Validators can be attached to multiple types (including both Email Address and Identifier types), and a given type can have multiple Validators attached.

Applicability

  • Validation applies only to CO Person records, not Org Identity records. (CO-478)
  • Note that while Validators can apply to Email Addresses, the uniqueness check described above applies only to Identifiers attached to CO Person records.)
  • Identifiers and Email Addresses generated via Identifier Assignment are subject to validation.
  • Identifiers and Email Addresses loaded via Organizational Identity Sources and Registry Pipelines are not subject to availability checks or validation.

Technical Notes

To skip availability checks, including all Identifier Validation Plugin calls, use save($data, array('skipAvailability' => true)).

  • No labels