diff --git a/en/readme/figures/User-IAM-subsystem-architecture.png b/en/readme/figures/User-IAM-subsystem-architecture.png index 13a861f97107524e38ed06f1e3d153cdc7d55fe2..64eaba85160ef22e68b0ebb53ab7e7862d881cec 100644 Binary files a/en/readme/figures/User-IAM-subsystem-architecture.png and b/en/readme/figures/User-IAM-subsystem-architecture.png differ diff --git a/en/readme/user-iam.md b/en/readme/user-iam.md index 52aba67d9048692ead51f3141090abaeb878ab43..0bd5165ee68e3351cedc0753cdb9523550295193 100644 --- a/en/readme/user-iam.md +++ b/en/readme/user-iam.md @@ -16,14 +16,16 @@ The user IAM subsystem consists of the unified user authentication framework and Based on the unified user authentication framework, the system can be extended to support multiple authentication capabilities. Currently, the authentication executors supported by OpenHarmony are password and facial authentication. To implement a new authentication executor, you only need to implement authentication capabilities in a new part and connect the new part to the unified user authentication framework based on the interfaces defined by the authentication executor management part. -*Note: In the user IAM subsystem, an authentication executor is the minimum execution unit of a user identity authentication operation. For example, a password authentication module is responsible for password collection, password processing and comparison, and secure storage, and therefore it can be abstracted as a password authentication executor.* +> **NOTE** +> +>In the user IAM subsystem, an authentication executor is the minimum execution unit of a user identity authentication operation. For example, a password authentication module is responsible for password collection, password processing and comparison, and secure storage, and therefore it can be abstracted as a password authentication executor. ## Directory Structure ```undefined //base/user_iam -├── user_auth_framework # User authentication framework, including user authentication, credential management and executor management +├── user_auth_framework # User authentication framework, including user authentication, credential management, and executor management ├── face_auth # Facial authentication module, which connects to the authentication executor management part and supports facial information recording, deletion, and verification ├── pin_auth # Password authentication module, which connects to the authentication executor management part and supports password recording, deletion, and verification @@ -31,15 +33,15 @@ Based on the unified user authentication framework, the system can be extended t ## Constraints -1. User credential management is a key operation in the system, and interfaces used for user credential management can be invoked only by basic system applications. -2. The authentication executors process user authentication credentials and their capabilities can only be implemented by system services for interconnection with the authentication executor management part. +- User credential management is a key operation in the system, and the interfaces used for user credential management can be invoked only by basic system applications. +- The authentication executors process user authentication credentials, and their capabilities can only be implemented by system services for interconnection with the authentication executor management part. ## Usage ### How to Use 1. The unified user authentication framework must work with an authentication executor. -2. The first default authentication executor in the system must be password authentication. +2. The first default authentication executor in the system must be a password authentication executor. ## Repositories Involved