Organizations:
Most intranet and Internet applications require user authentication. Applications either have an intergrated data store (e.g. RDBMS) or leverage an network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:
- An enterprise typically implements a provisioning solution such as Sun's Identity Manager to manage user data across multiple applications and services.
- Departments (or group level) many only have a single application that has a dedicated user data store. The volume of user management activities is usually small.
- Web 2.0, Internet facing, applications typically leverage a scaleable / available network service for storing user information.
Requirements:
Organizations need to implement a set of basic user management capabilities. For End Users, a solution needs to provide; "Forgotten Password" and "Self Service" functionality. For User Administration, a solution needs to provide fundemental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to intergrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:
Remote Web Interface: |
Organizations need a Web interface, for user provisioning, that can be deployed remotely from the system that host the provisioning solution. |
Command Line Interface: |
Administrators need an interface that allows them to perform provisioning from a comamnd-line interface, either interactively or from a shell script. |
Portal / Portlet Interface: |
Enterprise and Departmental organizations may have to provide user provisioning interfaces into an existing Portal infrastructure. |
WSDL-based Web Service: |
Developers need to integrate user provisioning into a SOA environment and are requiring Web Services that can be used by SOA development tools. |
Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich-native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an orgaization's interface experience with the various user data stores. Developers will most likely have to learn the details related to interacting with the various user data stores. Web developers may not be prepared to deal with Java APIs that are need to access the data store(s).
Solution:
Project OpenPTK is a three-tier architecture which enables developers to focus on the business application interface, not on the underlying user data store. There's a number of "Consumer Tier" interfaces which address various development options. The "back-end" user data store is abstracted through the "Service Tier". The "Framework Tier" integrates the Consumer and Service tiers while also managing configurations, logging/debugging and provisioning operations.
Project OpenPTK Architecture
Unable to render embedded object: File (OpenPTK_Arch.png) not found.
Consumer Tier interfaces/examples:
User Management Lite (UML) |
A JSPs/Taglib-based web application which provides basic user administration, and self-service functions. |
Command Line Interface (CLI) |
Provides basic provisioning operations. The CLI can be part of custom scripts that administrators can use to automate provisioning tasks. |
JSR-168 Portlets |
Provides "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customers existing JSR-168 compliant Portal server. |
WSDL-based Web Service |
Provides User provisioning operations. Web Service clients (e.g. Java CAPS and soapUI) can reference the WSDL from this service and create custom integration solutions. |
Service Tier implementations:
Developers can use Project OpenPTK's interfaces and APIs to handle user provisioning operations without having to worry about the back-end user data stores. User provisioning applications that leverage Project OpenPTK can easily support multiple different user data stores through the use of its flexible configuration mechanism.
Project OpenPTK is a formal open source project hosted on Java.net and is part of the Identity Management community. Project OpenPTK founders: Scott Fehrman, Derrick Harcey and Terry Sigle are Pre-Sales Systems Engineers supporting Sun's Identity Management products.
The Project OpenPTK site contains source code (via svn), documentation, distributions and tracks issues. Anyone is welcome to join the community as an Observer and please subscribe to the "user" and "announce" mailing lists.
Strategy
- Enables development of custom flexible provisioning interfaces to identity repositories
- Multiple interfaces: Java API, JSP Taglib, JSR-168, Web Service (WSDL)
- Multiple repositories: SPML, JNDI, JDBC
- Sample applications:
- User Management Lite
- Command Line Interface
- Portlets (self service, user administration)
Project Profile
Code Base |
Over 90% of the code within the project is Java source files. Sample applications leverage Java Server Pages, XML configuration files and a few shell scripts. |
Free Distribution |
All components are freely (re)distributable. The entire project is offered as source code. Pre-packaged WAR files and zip files are provided for milestone releases as a convenience. |
Commercial Product |
There is currently no commercial offering for this project from Sun. External organizations may offer a commercial distribution.
Sun does not currently have a standard support offering for this project.
This project is complimentary to Sun's Identity Management products |
Competing Projects |
There are no known competing open source projects. |
Competing Distributions |
There are no known competing distributions of this project |
Competing Products |
Competing commercial Identity Management products may offer certain features that compete with this project. These companies could include: Oracle, IBM, CA |
Community Profile
Governance |
The Governance model is based on the Glassfish model. It's available on the project website.
Code put back follows the Governance model regardless of being a Sun employee |
License |
The CDDL is exclusively used for this project with no modifications. |
Infrastructure |
The projects official site
http://java.net/projects/openptk is used for all project information and collaboration. Source code is accessible via "svn" from this same site. |
Contributions |
All enhancements and new features are evaluated by, and need to be committed by, the Project Owners. Bug fixes can be committed by Project Owners and Committers. |
Dynamics |
Community members are those interested in creating custom provisioning interfaces to meet custom business requirements.
This project will typically be distributed as an embedded component of specific business solutions that compliment Sun user repository offerings. |
Adoption |
The community is using this project to extend the capabilities of Sun (and non-Sun) products related to building custom user provisioning solutions. |