Communities:
Most intranet and Internet applications require user authentication. Applications either have an integrated data store (e.g. RDBMS) or leverage an network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:
- An enterprise typically implements an "end-to-end" provisioning solution to manage user data across multiple applications and services.
- Departments (or group level) many only have a single application that has a dedicated user data store. The volume of user management activities is usually small.
- Web 2.0, Internet facing, applications typically leverage a highly scalable / available directory service or database for storing user information.
Developer Requirements:
Organizations need to implement a set of basic user management capabilities. For End Users, a solution needs to provide; "Registration", "Password Management" and "Self Service" functionality. For User Administration, a solution needs to provide fundamental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to integrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:
| REST-based Web Services |
Web 2.0 Developers are leveraging a variety of tools and languages to build end-user interfaces. Solutions are being built (such as AJAX) which require a standardized mechanism to access information. These types of applications typically use a RESTful Web Service which supports standard JSON/XML data structures. |
| SOAP-based Web Service |
Developers need to integrate user provisioning into a SOA environment and are requiring SOAP/WSDL-based Web Services that can be used by SOA development tools. |
| Remote Web Interface |
Organizations need a Web interface, for user provisioning, that can be deployed remotely from the system that host the provisioning solution. |
| Portal / Portlet Interface |
Enterprise and Departmental organizations may have to provide user provisioning interfaces into an existing Portal infrastructure. |
| Command Line Interface |
Administrators need an interface that allows them to perform provisioning from a comamnd-line interface, either interactively or from a shell script. |
Challenge:
Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich-native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an organization's interface experience with the various user data repositories. Developers will most likely have to learn the details related to interacting with the various user data stores. Web developers may not be prepared to deal with Java APIs that are needed to access the various user data repositories.
Solution:
Project OpenPTK is a three-tier architecture (server side) which enables developers to focus on the business application interface, not on the underlying user data repositories. The "back-end" user data repository is abstracted through the "Service Tier". The "Framework Tier" integrates the Server and Service tiers while also managing configurations, logging/debugging and provisioning operations. The "Server Tier" provides the RESTful Web Service (supporting JSON and XML). The RESTful Web Service offers multiple ways to "represent" the data between the Server and the applications. Bi-directional data can be represented using either JSON or XML syntax. Read-only data (out bound) can also be represented as HTML (Web Browsers) or Plain Text (command line utilities like "curl"). The Server provides the core infrastructure and several applications are provided which use the Server. There's a number of "Client Tier" interfaces, that extend the RESTful Web Service, which addresses various development options. For example, the Identity Central application includes an integrated User Interface which leverages AJAX technologies to implement a dynamic - rich experience. It provides User Registration, End-User Self Service, Account Management, and monitoring of the infrastructure. Other applications and client which leverage the server are described in the table below.
Project OpenPTK Architecture
Client Tier (interfaces/examples/applications):
| Client-side Java API |
The JAX-RS (Jersey) Client API is used to create a Client-side Provisioning API. The Java API provides a simple interface for accessing the OpenPTK RESTful Web Service. The Java API handles client verification (between the server), end-user authentication and connection management. |
| User Management Lite (UML) |
A Java Server Page Tag Library (taglib) provides basic user administration, and self-service functions. The taglib leverages Project OpenPTK's Client-side Java API. |
| Identity Central | This sample application uses the REST interface and provides basic user administration, and self-service functions. The application leverages Project OpenPTK's tag library and Client-side Java API (in a servlet filter for startup, and authentication services. |
| Command Line Interface (CLI) |
Provides an interactive "console" for executing provisioning operations. The CLI can be part of custom shell scripts to help administrators automate tasks. The CLI leverages Project OpenPTK's Client-side Java API. |
| JSR-168 Portlets |
Provides "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customers existing JSR-168 compliant Portal server. The Portlet samples leverages Project OpenPTK's Client-side Java API. |
| SOAP Web Services |
Provides WSDL-based User provisioning Web Services. SOAP clients can reference the WSDL from this service and create custom integration solutions. The SOAP Web Service is built using Project OpenPTK's Client API |
Service Tier implementations:
| SPML and SPML2 |
The Service Provisioning Markup Language (v1 and v2) is the external interface used by Commercial, enterprise-class, user provisioning solution. |
| Oracle Id Mgr |
Oracle's Identity Manager user provisioning solution, via the Java APIs.
- 11g
- 10g (Registration Only)
|
| LDAP |
|
| JDBC |
The Java Database Connectivity API is used to access Relational Database user data stores.
- Embedded JavaDB (Derby)
- MySQL
- Oracle 11g
|
Project Profile
| Code Base |
Over 90% of the code within the project is Java source files. Sample applications leverage Java Server Pages, XML configuration files and a few shell scripts. |
| Free Distribution |
All components are freely (re)distributable. The entire project is offered as source code. Pre-packaged WAR files and zip files are provided for milestone releases as a convenience. |
| Commercial Product |
There is currently no known commercial offering for this project. External organizations may offer a commercial distribution. There is no support offering for this project. |
| Competing Projects |
There are no known competing open source projects. |
| Competing Distributions |
There are no known competing distributions of this project |
| Competing Products |
Competing commercial Identity Management products may offer certain features that compete with this project. |
Community Profile
| Governance |
The Governance model is based on the Glassfish model. It's available on the project website. Code put back follows the Governance model. |
| License | The CDDL is exclusively used for this project with no modifications.
|
| Infrastructure |
The projects http://java.net/projects/openptk site is used for all project information and collaboration. Source code is accessible via "svn" from this same site. |
| Contributions |
All enhancements and new features are evaluated by, and need to be committed by, the Project Owners. Bug fixes can be committed by Project Owners and Commiters. |
| Dynamics |
Community members are those interested in creating custom provisioning interfaces to meet specific business requirements. This project will typically be distributed as an embedded component of specific business solutions that compliment existing identity repository offerings. |
| Adoption |
The community is using this project to extend the capabilities of identity related products to support the building of custom user provisioning solutions. |
Project OpenPTK is a open source project hosted on java.net.
Project OpenPTK founders: Scott Fehrman, Derrick Harcey and Terry Sigle
The Project site http://java.net/projects/openptk contains source code (via svn), forums, distributions and tracks issues. Anyone is welcome to join the community as an Observer. Please subscribe to the "user" and "announce" mailing lists.
