Password Change Service Beans

Author Daniel Fisher
Date 2005/04/19


Problem Statements

  • No standard way of changing a user id's password exists; instead, numerous tools, which operate in different manners, are currently used.
  • No standard password strength checks are made in any of the plethora of password change tools currently used (with respect to UUPID passwords).

Functional Requirements

  1. Ability to present two randomly chosen questions from a user id's forgotten password reset question/answer challenge pairs
  2. Ability to reset a user id's forgotten password given the user's UUPID and two correctly answered forgotten password reset questions
  3. Ability to set and update password reset question/answer pairs
  4. A history of the user id's last 4 passwords must be kept
  5. Ability to define a dictionary to check passwords against
  6. Ability to change a user id's password given their UUPID, old password, and new password
  7. Ability to push the password to multiple systems, such as the ED-Registry and Active Directory, upon change
  8. Ability to add new systems to receive the password change with relative ease
  9. Ensure new passwords meet the strength requirements currently in place for UUPID passwords.
  10. Ability to check a password's strength without actually changing the password
  11. Ability to change the password with a required strength check
  12. Ability to change the password without checking the strength
  13. Log of the following transactions:
    • Who tried to change their password
    • Whether the change was successful
    • The date and time the event occurred (to within the millisecond)
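
An added sketch, not the project's code, of how requirements 4, 5 and 10 through 12 fit together: one check routine that reports problems without side effects, and one change routine that optionally enforces it and keeps four salted hashes per UUPID. The class and method names, the 8-character minimum, the PBKDF2 parameters and the in-memory map are assumptions; the page does not state the UUPID strength rules or where history is stored.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration with hypothetical names; a stateless bean would keep
// the history in a shared persistent store, not in this in-memory map.
public class PasswordPolicySketch {
    static final int HISTORY_SIZE = 4;                      // requirement 4
    record Entry(byte[] salt, byte[] hash) {}
    private final Set<String> dictionary;                   // requirement 5, lowercase words
    private final Map<String, Deque<Entry>> history = new HashMap<>(); // keyed by UUPID
    private final SecureRandom rng = new SecureRandom();

    PasswordPolicySketch(Set<String> dictionary) { this.dictionary = dictionary; }

    static byte[] hash(String pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Requirement 10: report problems without changing any state.
    List<String> checkStrength(String uupid, String candidate) throws Exception {
        List<String> problems = new ArrayList<>();
        if (candidate.length() < 8) problems.add("too short");  // assumed placeholder rule
        if (dictionary.contains(candidate.toLowerCase(Locale.ROOT))) problems.add("dictionary word");
        // Each stored entry has its own salt, so the candidate is re-hashed per entry.
        for (Entry e : history.getOrDefault(uupid, new ArrayDeque<>()))
            if (MessageDigest.isEqual(e.hash(), hash(candidate, e.salt())))
                problems.add("reuses a recent password");
        return problems;
    }

    // Requirements 11 and 12: enforceStrength selects the checked or unchecked path.
    boolean changePassword(String uupid, String newPw, boolean enforceStrength) throws Exception {
        if (enforceStrength && !checkStrength(uupid, newPw).isEmpty()) return false;
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        Deque<Entry> h = history.computeIfAbsent(uupid, k -> new ArrayDeque<>());
        h.addFirst(new Entry(salt, hash(newPw, salt)));
        while (h.size() > HISTORY_SIZE) h.removeLast();     // keep only the last 4
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: "u1234" is a made-up UUPID.
        PasswordPolicySketch svc = new PasswordPolicySketch(Set.of("password1"));
        System.out.println(svc.changePassword("u1234", "first-Passphrase", true));
        System.out.println(svc.checkStrength("u1234", "first-Passphrase"));  // history check
        System.out.println(svc.changePassword("u1234", "password1", false)); // unchecked path
    }
}
```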

Nonfunctional Requirements

  1. Must be implemented as a clustered stateless session bean.
  2. All methods must accept UUPIDs as input, not UIDs.
  3. Methods must be exposed as web services.
  4. Must have a low latency, less than 1 second to change a password and return a result, under heavier than expected load.
  5. All communication between the password change service session beans and external entities, either clients or services receiving password synchronization updates, must be secure.


middleware/devel/ed/pcs.txt · Last modified: 2015/06/01 12:02 (external edit)