User validation with user profiles

Applications can prompt users to register the credentials that they need to access various domains in a user profile.

To search a domain that requires user credentials to be validated when a query is submitted, users must provide the application with the credentials that they use to log in to the domain. Through identity management, users can store credentials for any number of domains in a user profile. The credentials are encrypted and stored securely in the Watson Explorer Content Analytics system.

If credentials are not specified for a domain that requires current credentials to be validated, documents from that domain are excluded from the search results.

Users can create a user profile and register their credentials while they use an application. In the provided applications, this capability is provided by the My Profile option. Your custom applications might implement this capability differently.

Collections can contain documents from many different types of sources. For example, a collection can contain documents that were crawled from a Windows file system and several Lotus Notes® databases. The identity management component differentiates between the different types of sources and prompts only for credentials that are needed to access domains that require validation.

By default, each credential is enabled for search and thus requires the user to provide the user ID and password that corresponds to the secure domains. If the user has forgotten the user ID or password for a particular domain, the domain can be disabled for searching by clearing the check box. Disabling a domain prevents secure documents in those domains from being returned in a result set.

After creating a profile, the user can submit a search request. The identity management component has the information necessary to build the user's security context (USC) string to be used on subsequent search requests. If you do not use the identity management component, the application must supply the USC string when users query domains that require current credentials to be validated.

The next time the user attempts to search a collection, the identity management component repeats the credential verification process, but this time is able to locate the user's profile. If nothing changed, then the user is positioned automatically where search requests can be submitted and is not prompted to create a profile.

If the identity management component detects a change in the any of the user's credentials, the user is automatically presented with the profile page when the application is accessed. This occurs, for example, when a password for any of the domains that are enabled for search is changed or when a domain that requires authentication is added to a collection.

Users can ignore the recommendation to update the profile, but doing so results in excluding those documents from the search results.