[security-dev] [PicketLink IDM] - File-based Identity Store
Hi All,
Would like to know your opnion about how we're storing identity information using
the File-based Identity Store and discuss possible alternatives.
Just for background, the motivation behind the file-based store is to provide a fast,
ready-to-use and simple store, ideally for test and development scenarios/environments.
The configuration is minimal and requires the file system.
Today we're basically serializing objects (JDK Serialization API) and storing them
into files. The layout is quite simple:
/tmp/pl-idm/:
total 4
drwxrwxr-x. 2 pedroigor pedroigor 140 Jan 18 15:20
65d62693-953c-43a6-ac43-4b655174bbb4 ----> Each Partitions has its own directory
-rw-rw-r--. 1 pedroigor pedroigor 554 Jan 18 15:20 pl-idm-partitions.db ---->
Serialized data for partitions
-rw-rw-r--. 1 pedroigor pedroigor 0 Jan 18 15:20 pl-idm-relationships.db
----> Serialized data for Relationships
/tmp/pl-idm/65d62693-953c-43a6-ac43-4b655174bbb4: ----> Partition directory.
total 8
-rw-rw-r--. 1 pedroigor pedroigor 789 Jan 18 15:20 pl-idm-agents.db ---->
Serialized data for Agents
-rw-rw-r--. 1 pedroigor pedroigor 1134 Jan 18 15:20 pl-idm-credentials.db ---->
Serialized data for Credentials
-rw-rw-r--. 1 pedroigor pedroigor 0 Jan 18 15:20 pl-idm-groups.db ---->
Serialized data for Groups
-rw-rw-r--. 1 pedroigor pedroigor 0 Jan 18 15:20 pl-idm-roles.db ---->
Serialized data for Roles
Serialization provides us a fast way to store data, but I have some concerns that I
want to share:
- As we're serializing objects, we may have to ensure compatibility with prior
versions. I think Version Control is a option here (btw, Stuart Douglas gave me some tips
about that).
- Is better to use JBoss Marshalling instead of using the JDK Serialization API
directly ? Mainly considering the JBoss ecosystem ?
- Is there a better format to store data ? Such as XML ...
- I had some discussions with Shane about using Infinispan. We agreed that the IDM
cache will be ISPN-based, that is fine. But maybe a ISPN-based store can fits well too.
ISPN allows to store data using different CacheStore implementations, transaction support,
indexing, distributable or local storage, etc.
Wdyt ?
Regards,
Pedro Igor