@@ -16,14 +16,16 @@ The user IAM subsystem consists of the unified user authentication framework and
...
@@ -16,14 +16,16 @@ The user IAM subsystem consists of the unified user authentication framework and
Based on the unified user authentication framework, the system can be extended to support multiple authentication capabilities. Currently, the authentication executors supported by OpenHarmony are password and facial authentication. To implement a new authentication executor, you only need to implement authentication capabilities in a new part and connect the new part to the unified user authentication framework based on the interfaces defined by the authentication executor management part.
Based on the unified user authentication framework, the system can be extended to support multiple authentication capabilities. Currently, the authentication executors supported by OpenHarmony are password and facial authentication. To implement a new authentication executor, you only need to implement authentication capabilities in a new part and connect the new part to the unified user authentication framework based on the interfaces defined by the authentication executor management part.
*Note: In the user IAM subsystem, an authentication executor is the minimum execution unit of a user identity authentication operation. For example, a password authentication module is responsible for password collection, password processing and comparison, and secure storage, and therefore it can be abstracted as a password authentication executor.*
> **NOTE**
>
>In the user IAM subsystem, an authentication executor is the minimum execution unit of a user identity authentication operation. For example, a password authentication module is responsible for password collection, password processing and comparison, and secure storage, and therefore it can be abstracted as a password authentication executor.
## Directory Structure
## Directory Structure
```undefined
```undefined
//base/user_iam
//base/user_iam
├── user_auth_framework # User authentication framework, including user authentication, credential management and executor management
├── user_auth_framework # User authentication framework, including user authentication, credential management, and executor management
├── face_auth # Facial authentication module, which connects to the authentication executor management part and supports facial information recording, deletion, and verification
├── face_auth # Facial authentication module, which connects to the authentication executor management part and supports facial information recording, deletion, and verification
├── pin_auth # Password authentication module, which connects to the authentication executor management part and supports password recording, deletion, and verification
├── pin_auth # Password authentication module, which connects to the authentication executor management part and supports password recording, deletion, and verification
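Review bot: The new note body line `>In the user IAM subsystem, ...` has no space after the `>` marker, while the `> **NOTE**` line above it does; write it as `> In the user IAM subsystem, ...` so the blockquote is consistent. Since this hunk already edits a comment inside the directory tree block, the `undefined` tag on its opening fence could be fixed in the same change: it is not a language name, so use a plain text tag or drop it.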
...
@@ -31,15 +33,15 @@ Based on the unified user authentication framework, the system can be extended t
...
@@ -31,15 +33,15 @@ Based on the unified user authentication framework, the system can be extended t
## Constraints
## Constraints
1. User credential management is a key operation in the system, and interfaces used for user credential management can be invoked only by basic system applications.
- User credential management is a key operation in the system, and the interfaces used for user credential management can be invoked only by basic system applications.
2. The authentication executors process user authentication credentials and their capabilities can only be implemented by system services for interconnection with the authentication executor management part.
- The authentication executors process user authentication credentials, and their capabilities can only be implemented by system services for interconnection with the authentication executor management part.
## Usage
## Usage
### How to Use
### How to Use
1. The unified user authentication framework must work with an authentication executor.
1. The unified user authentication framework must work with an authentication executor.
2. The first default authentication executor in the system must be password authentication.
2. The first default authentication executor in the system must be a password authentication executor.
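Review bot: In the first Constraints bullet, "can be invoked only by basic system applications" still does not say how the restriction is enforced or what qualifies an application as a basic system application. This is the access boundary for credential management, so name the required permission or application level here, or link to where it is defined. In How to Use item 2, "The first default authentication executor" stays ambiguous after the rewording (the first one registered, or the default one) and would read better stated as one or the other.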