[security-dev] IDM API/Implementation

Anil Saldhana Anil.Saldhana at redhat.com
Wed Aug 22 12:13:51 EDT 2012

On 08/22/2012 11:02 AM, Bill Burke wrote:
> On 8/22/2012 11:47 AM, Anil Saldhana wrote:
>> Hi all,
>>      (Shane will add more info to this thread soon)
>> Shane has been driving the standalone IDM API/Implementation project in
>> the PicketLink umbrella. This is a brand new project.
>> https://github.com/picketlink/picketlink-idm
>> The Key classes/interfaces are:
>> https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/java/org/jboss/picketlink/idm/IdentityManager.java
>> https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/java/org/jboss/picketlink/idm/model/IdentityType.java
>> The Manager has a simple api for user/role/group.  Now each of these
>> types (User,Role,Group) is an IdentityType (implying they get attributes).
>> So for a user, if you want to store/retrieve/represent certificates,
>> password recovery Qs, you can do so as attributes.
>> Currently the implementation is done using JPA.
>> There is a plan to do an LDAP implementation.
> I would also suggest text file based impl, as well as a layered hybrid
> federated solution.  What I mean by that is the security developer
> receives one interface to query from, but the information may be
> contained in a variety of sources, LDAP, text file, keystore, DBMS,
> HTTP.  For example, a company might not want to store private keys
> within an LDAP server, but is quite happy storing user/roles in an LDAP
> server.
Bill, that is the concept of Virtual Directories, a central piece in 
IDM. I think we need to consider that in implementations of the 
IdentityStore api.
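The layered, federated store Bill describes, sketched as an added example that is not code from the thread or from PicketLink: a hypothetical minimal `AttributeStore` interface stands in for the real IdentityStore API, and in-memory stores stand in for LDAP and a keystore. The caller sees one interface, while a routing policy keeps private keys out of the LDAP-backed store and fails closed for attributes no backend is permitted to hold.

```java
import java.util.*;
import java.util.function.Predicate;

// Hypothetical minimal store interface; PicketLink's real IdentityStore API is not reproduced here.
interface AttributeStore {
    Map<String, String> read(String userId);
    void write(String userId, String attr, String value);
}

// In-memory stand-in for any backend (LDAP, text file, keystore, DBMS).
final class InMemoryStore implements AttributeStore {
    private final Map<String, Map<String, String>> data = new HashMap<>();
    public Map<String, String> read(String userId) { return data.getOrDefault(userId, Map.of()); }
    public void write(String userId, String attr, String value) {
        data.computeIfAbsent(userId, k -> new HashMap<>()).put(attr, value);
    }
}

// One interface for the caller; each attribute is routed by policy to the only backend allowed to hold it.
final class FederatedStore {
    private final LinkedHashMap<AttributeStore, Predicate<String>> routes = new LinkedHashMap<>();
    FederatedStore route(AttributeStore store, Predicate<String> ownsAttribute) {
        routes.put(store, ownsAttribute);
        return this;
    }

    // Writes go to the first backend whose policy accepts the attribute; an attribute nobody may hold fails closed.
    public void write(String userId, String attr, String value) {
        for (Map.Entry<AttributeStore, Predicate<String>> e : routes.entrySet()) {
            if (e.getValue().test(attr)) { e.getKey().write(userId, attr, value); return; }
        }
        throw new IllegalArgumentException("no backend is permitted to hold attribute: " + attr);
    }

    // Reads merge every backend's view of the user; earlier routes take precedence on conflicts.
    public Map<String, String> read(String userId) {
        Map<String, String> merged = new HashMap<>();
        for (AttributeStore s : routes.keySet()) s.read(userId).forEach(merged::putIfAbsent);
        return merged;
    }

    public static void main(String[] args) {
        AttributeStore ldap = new InMemoryStore(), keystore = new InMemoryStore();
        FederatedStore idm = new FederatedStore()
            .route(keystore, a -> a.equals("privateKey") || a.equals("certificate"))
            .route(ldap, a -> a.equals("roles") || a.equals("email"));
        idm.write("alice", "roles", "admin");
        idm.write("alice", "privateKey", "PLACEHOLDER-PEM");   // constructed sample value, not a real key
        System.out.println(idm.read("alice") + " / ldap holds key? " + ldap.read("alice").containsKey("privateKey"));
    }
}
```

Save as FederatedStore.java, compile with javac and run `java FederatedStore`; the merged view shows both attributes while the LDAP stand-in never receives the private key.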
