Re: [security-dev] IDM API/Implementation

Hi all, (Shane will add more info to this thread soon) Shane has been driving the standalone IDM API/Implementation project in the PicketLink umbrella. This is a brand new project. https://github.com/picketlink/picketlink-idm The Key classes/interfaces are: https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/jav... https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/jav... The Manager has a simple api for user/role/group. Now each of these types (User,Role,Group) is an IdentityType (implying they get attributes). So for an user, if you want to store/retrieve/represent certificates, password recovery Qs, you can do so as attributes. Currently implementation is done using JPA. There is plan to do an LDAP implementation.

I would also suggest text file based impl, as well as a layered hybrid federated solution. What I mean by that is the security developer receives one interface to query from, but the information may be contained in a variety of sources, LDAP, text file, keystore, DBMS, HTTP. For example, a company might not want to store private keys within an LDAP server, but is quite happy storing user/roles in an LDAP server.