[security-dev] [PicketLink IDM] - File-based Identity Store
Anil.Saldhana at redhat.com
Fri Jan 18 13:55:19 EST 2013
On 01/18/2013 12:24 PM, Pedro Igor Silva wrote:
> Hi All,
> Would like to know your opnion about how we're storing identity information using the File-based Identity Store and discuss possible alternatives.
> Just for background, the motivation behind the file-based store is to provide a fast, ready-to-use and simple store, ideally for test and development scenarios/environments. The configuration is minimal and requires the file system.
A potential usage is in JBossAS which may not have default configuration
for databases and ldap. In that case, we have to worry about the
serialization issues with files and versions.
> Today we're basically serializing objects (JDK Serialization API) and storing them into files. The layout is quite simple:
> total 4
> drwxrwxr-x. 2 pedroigor pedroigor 140 Jan 18 15:20 65d62693-953c-43a6-ac43-4b655174bbb4 ----> Each Partitions has its own directory
> -rw-rw-r--. 1 pedroigor pedroigor 554 Jan 18 15:20 pl-idm-partitions.db ----> Serialized data for partitions
> -rw-rw-r--. 1 pedroigor pedroigor 0 Jan 18 15:20 pl-idm-relationships.db ----> Serialized data for Relationships
> /tmp/pl-idm/65d62693-953c-43a6-ac43-4b655174bbb4: ----> Partition directory.
> total 8
> -rw-rw-r--. 1 pedroigor pedroigor 789 Jan 18 15:20 pl-idm-agents.db ----> Serialized data for Agents
> -rw-rw-r--. 1 pedroigor pedroigor 1134 Jan 18 15:20 pl-idm-credentials.db ----> Serialized data for Credentials
> -rw-rw-r--. 1 pedroigor pedroigor 0 Jan 18 15:20 pl-idm-groups.db ----> Serialized data for Groups
> -rw-rw-r--. 1 pedroigor pedroigor 0 Jan 18 15:20 pl-idm-roles.db ----> Serialized data for Roles
> Serialization provides us a fast way to store data, but I have some concerns that I want to share:
> - As we're serializing objects, we may have to ensure compatibility with prior versions. I think Version Control is a option here (btw, Stuart Douglas gave me some tips about that).
> - Is better to use JBoss Marshalling instead of using the JDK Serialization API directly ? Mainly considering the JBoss ecosystem ?
> - Is there a better format to store data ? Such as XML ...
Compared to Java serialization, XML would be painful.
> - I had some discussions with Shane about using Infinispan. We agreed that the IDM cache will be ISPN-based, that is fine. But maybe a ISPN-based store can fits well too. ISPN allows to store data using different CacheStore implementations, transaction support, indexing, distributable or local storage, etc.
The Default cache should be ISPN. But I am not sold on a ISPN store.
ISPN File Cache Store instead of IDM FileStore Implementation is a
option. But JDBCCacheStore probably not.
More information about the security-dev