[Igf-dev] Milestone 0.2 of igf attribute services API checked in

Phil Hunt phil.hunt at oracle.com
Thu Feb 28 08:32:40 PST 2008


FYI... the first draft of the IGF Attribute Services API has been  
checked in.

I am available to discuss this morning if anyone would like to do so.  
I suggest we use the normal conference line.   (ps. sorry I was late  
for the call today).

In SVN you can either download the head version (under trunk), or the  
milestone0.2 version under branches.

Within each of trunk and branches/milestone0.2 you will find two  
Eclipse projects:
org.openliberty.igf.attributeServices
org.openliberty.igf.attributeServices.test

The latter project is the JUnit code that tests the first  
project. I would use this to see examples of how to use the API.

Note: I don't see any reason why these projects shouldn't work in  
NetBeans or JDeveloper. However, I must confess I haven't tested  
them. I was following the id-wsf client project's example by using  
Eclipse.

Highlights for this check-in are:
* Basic implementation of the Attribute Services API including
    * Carml Schema Declaration
    * Simplistic WS-Policy support - policy is currently not  
interpreted at this time (see note below)
    * Carml Transaction Declaration (Add, Authenticate, Delete,  
Modify, Read, Search)
    * Transaction Implementation (for all above)
* IGF Stack Provider Interface - the interface that products like OVD  
need to implement to accept an IGF Attribute Service client.
* CARML document reader and writer methods
* JAAS LoginModule Implementation - rudimentary integration with  
platform/container security
* JUnit tests validating operations above.  Note: the Write CARML  
step fails since XML is not done.
* A Test provider that simulates a memory based repository.

There are still many items to implement, some of which are:
* Policy Assertions is still just a dumb object. And igf-appidpolicy  
and igf-deployid policy are not implemented. I'm still looking for a  
good open source implementation of WS-Policy - I found Apache Neethi,  
but it had some questionable dependencies that I still need to research.
* No server-side support such as AAPML
* IDE Integration Tools - this is another (much bigger) project that  
will happen likely after Liberty publishes IGF specs.
* There is no end-to-end demo.  Next step is to write providers for  
OVD, Higgins IdAS etc.
* Deployment management - the API does not handle configuration  
management. This would be the job of the provider (e.g. OVD, Higgins)  
to decide how best to handle this.

Note: the API discussed on the openLiberty site is somewhat out of  
date. The chief reason is we made some major changes after broader  
discussion:
* Separated schema from transactions.  Now schema is declared on its  
own and transactions use schema... rather than the other way around.  
This is more friendly to enterprises who would like to use  
standardized schema or use enterprise standard schemas.
* Introduction of Roles and Filters
* Support for WS-Policy and the new drafts for (igf-appIdPolicy and  
igf-DeployIdPolicy).
The plan is to get the documentation on the site updated as soon as  
time permits.

Discussion items:
* The current API is "transaction" centric rather than entity  
centric. Is an even higher level API wanted or desired... e.g. one  
that works more like a JDO model? This is difficult to say... but we  
also have to consider that we want to be able to audit transactions  
across a wide variety of protocols - hence the current design.
* The API is intended to support 90% of app developers out there who  
are interested in identity information about a user actively using an  
application. The API emphasizes being able to retrieve information  
about one person at a time in a privacy enhancing way.  Although it  
can support it, the API is not intended for doing report writing.   
This is the difference between asking:  Can Phil book a first class  
flight?  and Who is authorized to book first class flights?
* What other higher level convenience methods would we like to see?

Phil Hunt
Oracle

