[security-dev] [PicketLink IDM] - File-based Identity Store

Pedro Igor Silva psilva at redhat.com
Fri Jan 18 13:24:54 EST 2013


Hi All,

    Would like to know your opinion about how we're storing identity information using the File-based Identity Store and discuss possible alternatives.

    Just for background, the motivation behind the file-based store is to provide a fast, ready-to-use and simple store, ideally for test and development scenarios/environments. The configuration is minimal and requires the file system.

    Today we're basically serializing objects (JDK Serialization API) and storing them into files. The layout is quite simple:

        /tmp/pl-idm/:
        total 4
        drwxrwxr-x. 2 pedroigor pedroigor 140 Jan 18 15:20 65d62693-953c-43a6-ac43-4b655174bbb4 ----> Each Partitions has its own directory
        -rw-rw-r--. 1 pedroigor pedroigor 554 Jan 18 15:20 pl-idm-partitions.db ----> Serialized data for partitions
        -rw-rw-r--. 1 pedroigor pedroigor    0 Jan 18 15:20 pl-idm-relationships.db ----> Serialized data for Relationships

        /tmp/pl-idm/65d62693-953c-43a6-ac43-4b655174bbb4: ----> Partition directory.
        total 8
        -rw-rw-r--. 1 pedroigor pedroigor  789 Jan 18 15:20 pl-idm-agents.db ----> Serialized data for Agents
        -rw-rw-r--. 1 pedroigor pedroigor 1134 Jan 18 15:20 pl-idm-credentials.db ----> Serialized data for Credentials
        -rw-rw-r--. 1 pedroigor pedroigor    0 Jan 18 15:20 pl-idm-groups.db ----> Serialized data for Groups
        -rw-rw-r--. 1 pedroigor pedroigor    0 Jan 18 15:20 pl-idm-roles.db ----> Serialized data for Roles

     Serialization provides us with a fast way to store data, but I have some concerns that I want to share:
 
        - As we're serializing objects, we may have to ensure compatibility with prior versions. I think Version Control is an option here (btw, Stuart Douglas gave me some tips about that).

        - Is it better to use JBoss Marshalling instead of using the JDK Serialization API directly? Mainly considering the JBoss ecosystem?

        - Is there a better format to store data? Such as XML...

        - I had some discussions with Shane about using Infinispan. We agreed that the IDM cache will be ISPN-based, that is fine. But maybe an ISPN-based store can fit well too. ISPN allows storing data using different CacheStore implementations, transaction support, indexing, distributable or local storage, etc.

     Wdyt?
     
Regards,
Pedro Igor
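As an added illustration of the two points raised in the message (keeping serialized records readable across versions, and limiting what the store will rebuild from a .db file), here is a small stand-alone Java example. It is not PicketLink's code: AgentRecord and FileStore are hypothetical names, and it assumes Java 9 or later for java.io.ObjectInputFilter.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;

final class AgentRecord implements Serializable { // hypothetical stand-in, not PicketLink's own class
    private static final long serialVersionUID = 1L; // pinned so adding fields does not break old files
    private static final int FORMAT_VERSION = 2;     // bump whenever the on-disk layout changes
    transient String id, loginName;                  // transient: written by hand below, not by default serialization
    transient boolean enabled;                       // field added in format version 2

    AgentRecord(String id, String loginName, boolean enabled) { this.id = id; this.loginName = loginName; this.enabled = enabled; }

    // Explicit serial form: a version tag first, then the fields, so files from older versions stay readable.
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.writeInt(FORMAT_VERSION);
        out.writeUTF(id); out.writeUTF(loginName);
        out.writeBoolean(enabled);
    }
    private void readObject(ObjectInputStream in) throws IOException {
        int version = in.readInt();
        if (version < 1 || version > FORMAT_VERSION)
            throw new InvalidObjectException("unsupported agent record version " + version);
        id = in.readUTF(); loginName = in.readUTF();
        enabled = version >= 2 ? in.readBoolean() : true; // default for records written before v2
    }
}

public final class FileStore {
    // Only these classes may be rebuilt from a .db file; anything else, or an over-deep graph, is rejected up front.
    // java.lang.Object is listed because ArrayList's backing Object[] is checked by its component type.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "AgentRecord;java.util.ArrayList;java.lang.Object;!*;maxdepth=4;maxrefs=10000");

    static void save(Path dbFile, List<AgentRecord> agents) throws IOException {
        Files.createDirectories(dbFile.getParent());
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(dbFile))) {
            out.writeObject(new ArrayList<>(agents));
        }
    }
    @SuppressWarnings("unchecked")
    static List<AgentRecord> load(Path dbFile) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(dbFile))) {
            in.setObjectInputFilter(FILTER); // must be installed before the first readObject call
            return (List<AgentRecord>) in.readObject();
        }
    }
    public static void main(String[] args) throws Exception {
        Path db = Paths.get(System.getProperty("java.io.tmpdir"), "pl-idm-example", "pl-idm-agents.db");
        save(db, List.of(new AgentRecord("agent-1", "jdoe", true))); // constructed sample record
        for (AgentRecord a : load(db)) System.out.println(a.id + " " + a.loginName + " enabled=" + a.enabled);
    }
}
```

A record written with FORMAT_VERSION 1 (no enabled flag) still loads, while a file containing any class outside the allow list fails in the filter before an instance is constructed.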

