Add UserParameters

[antolinos]

Today the amount of metadata that can be associated with a user is limited and the fields are basically: name, fullName, email, orcid.

The complete list is:

Field	Type	Description
fullName	String [255]	May include title
createId	String
createTime	Date
modTime	Date
email	String [255]	An email address for the user
name	String [255] NOT NULL	The name of the user to match that provided by the authentication mechanism
modId	String
orcidId	String [255]	An ORCID iD for the user

Besides, currently the entity User has the following relationships.

Card	Class	Field	Cascaded	Description
0,*	InvestigationUser	investigationUsers	Yes
0,*	UserGroup	userGroups	Yes
0,*	InstrumentScientist	instrumentScientists	Yes
0,*	Study	studies	Yes

It would be great to enrich the metadata of a user.

I don't know what will be be the best implementation but I would suggest from my ignorance to add a new entity called UserParameter

UserParameter
A parameter associated with a user

Uniqueness constraint user, type

Card	Class	Field	Cascaded	Description
1,1	ParameterType	type		The type of the parameter
1,1	User	user		The associated user

Other fields:

Field	Type	Description
stringValue	String [4000]	The value if the parameter is a string
rangeBottom	Double	The minimum value of the numeric parameter that was observed during the measurement period
createId	String
createTime	Date
modTime	Date
dateTimeValue	Date	The value if the parameter is a date
modId	String
error	Double	The error of the numeric parameter
numericValue	Double	The value if the parameter is numeric
rangeTop	Double	The maximum value of the numeric parameter that was observed during the measurement period

[dfq16044]

Could this be potential used for other authentication system other than ldap?
For example, a user might have a different username when using OpenID

[antolinos]

Might be. We use LDAP, DB and openID and we have not needed these parameters. However, we would like to enrich the metadata of a user with extra information. Status of the safety training is one of them.

[dfq16044]

Out of curiosity in all those systems is the user using the same username?

[antolinos]

Not in my case.

[RKrahl]

@dfq16044,

Could this be potential used for other authentication system other than ldap?
For example, a user might have a different username when using OpenID

You want to deal with the case that one single user may have different ways to authenticate, such as LDAP and OpenID and you want to always map them to the same user in ICAT, independently of which authentication the user chose, did I understand you correctly? This needs to be solved in the authentication plugin: on successful authentication, the plugin returns a name and the user object having that name attribute will be associated with that login session. It is common practice to configure authentication plugins such that they add a prefix to the name, just to avoid that different plugins may map to the same ICAT user, but this is not required. The best option to solve this, however, would be to deploy a single sign-on plugin that handles all the different authentication methods and is able to properly match the user.

In any case, this unrelated to this issue.

[dfq16044]

Yes that was the case. I agree with you the best option would be a single sign-on but not sure if all facilities are using it.
The idea was that if you don't have single sign-on, you could potentially use the UserParameter.