From phil.hunt at oracle.com Tue Feb 5 11:19:13 2008 From: phil.hunt at oracle.com (Phil Hunt) Date: Tue, 5 Feb 2008 11:19:13 -0800 Subject: [Igf-dev] Filters Message-ID: <7FA054B3-0A48-4CB8-ADA2-8909B1DCEF3A@oracle.com> Just looking over the CARML schema (rev 07). My original thinking was that a filter is used for inbound request filtering and it is not necessarily true that a filter has anything to do with an attribute. The problem right now, is we don't have a DataType for a filter. I wonder if we should either: a. Add DataType to a filter definition b. Change filter definition to simply reference an existing Attribute or Predicate. Thoughts? Phil Hunt Oracle -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/igf-dev_lists.openliberty.org/attachments/20080205/0451def1/attachment.html From phil.hunt at oracle.com Wed Feb 13 14:29:43 2008 From: phil.hunt at oracle.com (Phil Hunt) Date: Wed, 13 Feb 2008 14:29:43 -0800 Subject: [Igf-dev] Feb 14 call cancelled, next meeting Feb 28th Message-ID: <94F0DBAA-A0FB-4010-A624-3D69825E375E@oracle.com> Please note, the Feb 14 meeting is cancelled as I will be away on holidays. The next meeting is February 28th. The agenda for the next call will be to discuss the recent check-ins in svn and review the current implementation draft. Phil Hunt Oracle -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/igf-dev_lists.openliberty.org/attachments/20080213/5c7d90e7/attachment.html From phil.hunt at oracle.com Thu Feb 28 08:32:40 2008 From: phil.hunt at oracle.com (Phil Hunt) Date: Thu, 28 Feb 2008 08:32:40 -0800 Subject: [Igf-dev] Milestone 0.2 of igf attribute services API checked in Message-ID: <21468670-68D4-4E46-9C93-ECF21B477BF6@oracle.com> FYI... the first draft of the IGF Attribute Services API has been checked in. I am available to discuss this morning if anyone would like to do so. I suggest we use the normal conference line. (ps. sorry I was late for the call today). In SVN you can either download the head version (under trunk), or the milestone0.2 version under branches. Within each of trunk and branches/milestoe0.2 you will find two eclipse projects: org.openliberty.igf.attributeServices org.openliberty.igf.attributeServices.test The latter project is the JUnit code that tests the the first project. I would use this to see examples of how to use the API. Note: I don't see any reason why these projects shouldn't work in NetBeans or JDeveloper. However, I must confess I haven't tested them. I was following the id-wsf client project's example by using Eclipse. Highlights for this check-in are: * Basic implementation of the Attribute Services API including * Carml Schema Declaration * Simplistic WS-Policy support - policy is currently not interpreted at this time (see note below) * Carml Transaction Declaration (Add, Authenticate, Delete, Modify, Read, Search) * Transaction Implementation (for all above) * IGF Stack Provider Interface - the interface that products like OVD need to implement to accept an IGF Attribute Service client. * CARML document reader and writer methods * JAAS LoginModule Implementation - rudimentary integration with platform/container security * JUnit tests validating operations above. Note: the Write CARML step fails since XML is not done. * A Test provider that simulates a memory based repository. There are still many items to implement, some of which are: * Policy Assertions is still just a dumb object. And igf-appidpolicy and igf-deployid policy are not implemented. I'm still looking for a good open source implementation of WS-Policy - I found Apache Neethi, but it had some questionable dependencies that I still need to research. * No server-side support such as AAPML * IDE Integration Tools - this is another (much bigger) project that will happen likely after Liberty publishes IGF specs. * There is no end-to-end demo. Next step is to write providers for OVD, Higgins IdAS etc. * Deployment management - the API does not handle configuration management. This would be the job of the provider (e.g. OVD, Higgins) to decide how best to handle this. Note: the API discussed on the openLiberty site is somewhat out of date. The chief reason is we made some major changes after broader discussion: * Separated schema from transactions. Now schema is declared on its own and transactions use schema....rather than the other way around. This is more friendly to enterprises who would like to use standardized schema or use enterprise standard schemas. * Introduction of Roles and Filters * Support for WS-Policy and the new drafts for (igf-appIdPolicy and igf-DeployIdPolicy). The plan is to get the documentation on the site updated as soon as time permits. Discussion items: * The current API is "transaction" centric rather than entity centric. Is an even higher level API wanted or desired... e.g. one that works more like a JDO model? This is difficult to say...but we also have to consider that we want to be able to audit transactions across a wide variety of protocols - hence the current design. * The API is intended to support 90% of apps developers out there who are interested in identity information about a user actively using an application. The API emphasizes being able to retrieve information about one person at a time in a privacy enhancing way. Although it can support it, the API is not intended for doing report writing. This is the difference between asking: Can Phil book a first class flight? and Who is authorized to book first class flights? * What other higher level convenience methods would we like to see? Phil Hunt Oracle -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/igf-dev_lists.openliberty.org/attachments/20080228/e8e23bbf/attachment-0001.html From phil.hunt at oracle.com Fri Feb 29 08:40:54 2008 From: phil.hunt at oracle.com (Phil Hunt) Date: Fri, 29 Feb 2008 08:40:54 -0800 Subject: [Igf-dev] Open Liberty wiki updated Message-ID: <07D06277-A2E1-4D82-A160-777DE592DA4C@oracle.com> In my last e-mail, I mentioned that the IGF stuff needed revision. With a couple of minor exceptions, I have now updated the wiki to reflect the current API as much as possible. http://openliberty.org/wiki/index.php/ IGF_AttrSvcs_API#Attribute_Services_API Regards, Phil Hunt Oracle -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/igf-dev_lists.openliberty.org/attachments/20080229/50709689/attachment.html