On 8/22/2012 11:47 AM, Anil Saldhana wrote:
> Hi all,
> (Shane will add more info to this thread soon)
>
> Shane has been driving the standalone IDM API/Implementation project in
> the PicketLink umbrella. This is a brand new project.
> https://github.com/picketlink/picketlink-idm
>
> The key classes/interfaces are:
> https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/jav...
> https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/jav...
>
> The Manager has a simple API for user/role/group. Now each of these
> types (User, Role, Group) is an IdentityType (implying they get attributes).
> So for a user, if you want to store/retrieve/represent certificates,
> password recovery Qs, you can do so as attributes.
>
> Currently the implementation is done using JPA.
> There is a plan to do an LDAP implementation.

I would also suggest a text-file-based impl, as well as a layered hybrid
federated solution. What I mean by that is the security developer
receives one interface to query from, but the information may be
contained in a variety of sources, LDAP, text file, keystore, DBMS,
HTTP. For example, a company might not want to store private keys
within an LDAP server, but is quite happy storing user/roles in an LDAP
server.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
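
The layered lookup suggested in the reply above, sketched as an added example; it is not part of the original message and not PicketLink IDM code. Every class and method name is hypothetical, the backends are in-memory stand-ins, and the sample user data is constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// All names here are hypothetical; none of this is the PicketLink IDM API.
public class FederatedStoreExample {
    /** One backing source: LDAP, text file, keystore, DBMS, HTTP, ... */
    interface AttributeSource {
        Optional<String> get(String user, String attribute);
    }

    /** In-memory stand-in for a real backend so the example runs offline. */
    static final class MapSource implements AttributeSource {
        private final Map<String, String> data = new HashMap<>();
        MapSource put(String user, String attribute, String value) {
            data.put(user + "/" + attribute, value);
            return this;
        }
        @Override public Optional<String> get(String user, String attribute) {
            return Optional.ofNullable(data.get(user + "/" + attribute));
        }
    }

    /** The single interface the developer queries; each attribute is pinned to one source. */
    static final class FederatedStore implements AttributeSource {
        private final Map<String, AttributeSource> routes = new HashMap<>();
        FederatedStore route(String attribute, AttributeSource source) {
            routes.put(attribute, source);
            return this;
        }
        @Override public Optional<String> get(String user, String attribute) {
            AttributeSource source = routes.get(attribute);
            // Fail closed: an unrouted attribute is rejected rather than looked up in
            // a default backend, so key material is never served from the wrong store.
            if (source == null) throw new IllegalArgumentException("no source routed for " + attribute);
            return source.get(user, attribute);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: roles live in "LDAP", the key reference in a "keystore".
        MapSource ldap = new MapSource().put("jdoe", "roles", "admin,auditor");
        MapSource keystore = new MapSource().put("jdoe", "privateKey", "keystore-alias:jdoe");
        FederatedStore store = new FederatedStore().route("roles", ldap).route("privateKey", keystore);
        System.out.println("roles via facade:      " + store.get("jdoe", "roles"));
        System.out.println("privateKey via facade: " + store.get("jdoe", "privateKey"));
        System.out.println("privateKey in LDAP:    " + ldap.get("jdoe", "privateKey"));
    }
}
```

The routing table is the place to review which store is allowed to hold which attribute, independent of the code that queries it.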