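| Name | Date | Size | #Lines | LOC |
| ---- | ---- | ---- | ------ | --- |
| .. | - | - | | |
| figures/ | 12-May-2024 | - | | |
| frameworks/src/ | 12-May-2024 | - | 931 | 703 |
| interfaces/ | 12-May-2024 | - | 2,934 | 2,236 |
| sa_profiles/ | 12-May-2024 | - | 47 | 30 |
| services/ | 12-May-2024 | - | 2,283 | 1,716 |
| unittest/ | 12-May-2024 | - | 465 | 351 |
| LICENSE | 12-May-2024 | 9.9 KiB | 177 | 150 |
| OAT.xml | 12-May-2024 | 989 | 25 | 10 |
| README.md | 12-May-2024 | 3 KiB | 63 | 40 |
| README_ZH.md | 12-May-2024 | 2.9 KiB | 70 | 46 |
| bundle.json | 12-May-2024 | 1.9 KiB | 67 | 66 |
| useridm.gni | 12-May-2024 | 1.1 KiB | 35 | 23 |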

README.md

# User Identity Management (useridm)


## Introduction

As a basic component of the user Identity & Access Management (IAM) subsystem, User Identity Management (useridm) provides a unified interface for managing user credential information in the system and invokes authentication resources through the authentication executor management module to implement lifecycle management and secure storage of user credentials.

**Figure 1** useridm architecture

<img src="figures/useridm_architecture.png" alt="useridm_architecture" style="zoom:80%;" />

## Directory Structure

```
//base/user_iam/user_idm
├── frameworks          # Framework code
├── interfaces          # Directory for storing external interfaces
│   └── innerkits       # Header files exposed to the internal subsystems
├── sa_profile          # Profile of the Service ability
├── services            # Implementation of the Service ability
├── unittest            # Directory for storing test code
├── utils               # Directory for storing utility code
├── bundle.json         # Component description file
└── useridm.gni         # Build configuration
```


## Usage

### Available APIs

**Table 1** APIs for managing user credentials

| API | Description |
| ------ | -------------------------------- |
| addCredential(credentialInfo : CredentialInfo, callback : IIdmCallback) : void; | Adds a user credential. |
| updateCredential(credentialInfo:CredentialInfo, callback:IIdmCallback) : void; | Updates a user credential. |
| delUser(token : Uint8Array, callback : IIdmCallback) : void; | Deletes a personal identification number (PIN). When a PIN is deleted, all authentication credentials of the user are also deleted. |
| delCred(credentialId : Uint8Array, token : Uint8Array, callback : IIdmCallback) : void; | Deletes a user credential. |

**Table 2** API for querying user credential information

| API | Description |
| ------ | -------------------------------- |
| getAuthInfo(callback : AsyncCallback<Array<EnrolledCredInfo>>,authType? : AuthType) : void; | Obtains one or all types of authentication credentials of a user. |

### Usage Guidelines

- The APIs defined in the header file ```common\interface\useridm_interface.h``` in the [useriam_auth_executor_mgr](https://gitee.com/openharmony-sig/useriam_coauth) repository must be implemented in a Trusted Execution Environment (TEE). The implementation must ensure that the association between user credentials and user IDs cannot be tampered with, and it must support unified user authentication.
- During adaptation, vendors can refer to the software implementation of the related functions provided by the OpenHarmony framework.

## Repositories Involved

[useriam_auth_executor_mgr](https://gitee.com/openharmony/useriam_auth_executor_mgr)

**[useriam_user_idm](https://gitee.com/openharmony/useriam_user_idm)**

[useriam_user_auth](https://gitee.com/openharmony/useriam_user_auth)

[useriam_pin_auth](https://gitee.com/openharmony/useriam_pin_auth)

[useriam_faceauth](https://gitee.com/openharmony/useriam_faceauth)

README_ZH.md

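# User Identity Credential Management

- [Introduction](#introduction)
- [Directory Structure](#directory-structure)
- [Usage](#usage)
  - [Available APIs](#available-apis)
  - [Usage Guidelines](#usage-guidelines)
- [Repositories Involved](#repositories-involved)


## Introduction

**User identity credential management** (useridm) is one of the basic components of the user IAM subsystem. To the layers above, it provides a unified interface within the system for managing user identity credential information (setting, modifying, and deleting). To the layers below, it invokes the authentication resources in the system through the authentication executor management module to carry out lifecycle management and secure storage of user identity credentials.

**Figure 1** User identity credential management architecture

<img src="figures/用户身份凭据管理架构图.png" alt="User identity credential management architecture diagram" style="zoom:80%;" />

## Directory Structure

```
//base/user_iam/user_idm
├── frameworks          # Framework code
├── interfaces          # Directory for external interfaces
│   └── innerkits       # Header files exposed to internal subsystems, for use by system services
├── sa_profile          # Service Ability configuration files
├── services            # Service Ability implementation
├── unittest            # Directory for test code
├── utils               # Directory for utility code
├── bundle.json         # Component description file
└── useridm.gni         # Build configuration
```


## Usage

### Available APIs

**Table 1** Credential information management interfaces

| API | Description |
| ------ | -------------------------------- |
| addCredential(credentialInfo : CredentialInfo, callback : IIdmCallback) : void; | Credential enrollment interface. |
| updateCredential(credentialInfo:CredentialInfo, callback:IIdmCallback) : void; | Credential modification interface. |
| delUser(token : Uint8Array, callback : IIdmCallback) : void; | Password deletion interface. When a user's password is deleted in the system, all of that user's authentication credentials are deleted as well. |
| delCred(credentialId : Uint8Array, token : Uint8Array, callback : IIdmCallback) : void; | Credential deletion interface. |

**Table 2** Credential information query interface

| API | Description |
| ------ | -------------------------------- |
| getAuthInfo(callback : AsyncCallback<Array<EnrolledCredInfo>>,authType? : AuthType) : void; | Information query interface. Supports querying one type or all types of authentication credentials enrolled by the user. |

### Usage Guidelines

- The interfaces defined in the header file ```common\interface\useridm_interface.h``` in the [useriam_auth_executor_mgr](https://gitee.com/openharmony-sig/useriam_coauth) repository must be implemented in a trusted execution environment, ensuring that the association between user identity authentication credential information and the user ID cannot be tampered with, so that unified user authentication can be supported.
- The OpenHarmony framework provides a software implementation of the related functions, which vendors can use as a reference during adaptation.

## Repositories Involved

[useriam_auth_executor_mgr](https://gitee.com/openharmony/useriam_auth_executor_mgr)

**[useriam_user_idm](https://gitee.com/openharmony/useriam_user_idm)**

[useriam_user_auth](https://gitee.com/openharmony/useriam_user_auth)

[useriam_pin_auth](https://gitee.com/openharmony/useriam_pin_auth)

[useriam_faceauth](https://gitee.com/openharmony/useriam_faceauth)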