Profile management#

A person can manage his own profile.

The profile of a person consists of the following fields:

  • name: string, max 250 characters, optional/nullable
  • locale and time zone
  • avatar: image, optional/nullable
  • one or more email addresses
    • exactly one email address is marked primary
    • addresses become verified after control over them is proven
  • one or more sets of credentials
    • multiple credentials are used for multi-factor-authentication
    • available types: password, hardware token, time-based onetimekey

A person is identified within Skalio ID, and referenced by registered backend applications, by its server-assigned unique ID. This technical value is not meant for human consumption. It is created during entity creation and cannot be changed.

The locale and time zone default to de-DE and Europe/Berlin.

Update personal details#

A person can modify any fields of his profile.

When an avatar is uploaded, it replaces the previously stored image. Only GIF, JPEG and PNG are accepted as payload. The image is resized, cropped to a square and re-encoded to reduce its size.

Email addresses#

A person can add email addresses to his person. Until control over it is proven, the email address is marked as not verified. Until it is confirmed, it cannot be used for authentication or made the primary address.

Image

All email notifications from Skalio ID towards the person are always sent to the primary address.

In addition, security-relevant account notifications are also sent to non-primary, verified addresses. These notifications are:

  • after any credentials of the person have changed
  • after an email address has been added

A primary email address cannot be removed. The person must first mark another verified email address as primary beforehand. Consequently, a person must have at least one email address.

Avatar#

A person can upload an image to be used as a profile picture, or avatar. The uploaded image must be of type image/jpeg, image/png or image/gif and have minimum size of 80x80 pixels. Animated Gifs are not supported. After the upload, the backend will crop the picture into a centered square, then resize it multiple times between 500x500 and 80x80 pixels.

Original#

Image

Processed by backend#

Image Image Image

Rendered by frontend#

The avatar can be fetched via the public profile API (API documentation). Clients can request a desired height, and the backend will select the image most suitable for the request. It is the responsibility of the client to render the image data into the exact required dimensions.

Image

Public profile#

Any authenticated person can view the following profile information about a person:

  • name
  • avatar
  • primary email address

The persons unique identifier (uid) or any of his verified email addresses can be used to request the profile. The primary email address is only shown if it has been verified; otherwise the field may be empty.

Requests for public profiles are authenticated with a simple uid token. Rate limiting may be used to reduce the likelihood of screen-scraping. No further authorization methods are required.

Recover password#

When a person has lost his password, he can request a password reset. See password recovery.

An unverified email address cannot be used for password reset.

Fingerprint#

At creation time, every person receives a fixed fingerprint consisting of four elements. The fingerprint is visible both to the profile owner and in the public profile. It can be presented as translatable text, as numbers or graphically as Emoji.

Example fingerprint:

airplane - tomato - hammer - books

✈ 🍅 🔨 📚

The identity of profiles can be confirmed between two persons by exchanging the fingerprint over a side channel, e.g. email or a telephone call. This can be useful when one person wants to securely interact with another person (e.g. add to an organization, invite to collaborate, etc.).

Image