Saturday, November 10, 2007

Thinking About An Identity Services API

My colleague at Oracle, Nishant Kaushik, was asking me about whether I knew if something was going on to develop a high-level API for Identity Services in the open source community. I realized that in a way, my work at Open Liberty on the implementation of the CARML API for the Identity Governance Framework was in fact turning out to be the startings of that exact API. From the developer's perspective, we're not building an IGF API, we're building an attribute/identity services API of which identity policy is only one of the many services needed.

The focus of the Open Liberty IGF project has been to demonstrate and provide libraries for using IGF, the issue I have run into, is that this project also needs a complete set of Identity Services. It needs to work with all the popular protocols (which is why working with a protocol specific API isn't good enough and why we're using Higgins IdAS to build on top of). It needs to deal with a wide variety web application needs and deployment environments. What started out as simply an implementation of IGF is definitely much bigger.

I would like to invite anybody interested in identity services to join the IGF Development Discussion group and add your thoughts. Should we broaden the direction of the IGF development to be more generic? Should we even rename or relocate the project? What do you think should be included in Identity Services. I know opinions vary widely on what Identity Services is. But this is exactly why collaborative input is needed now. Are you interested in getting involved? If so, feel free to respond to this post, or add your thoughts to the official development list!

2 comments:

jwilleke said...

Is this not what is being done with Bandit's "Common Identity Architecture" http://www.bandit-project.org/index.php/Common_Identity_Architecture

Phil Hunt said...

Bandit's "Common Identity Architecture" is what is known as the "Identity Attribute Service (IdAS) in Higgins.

And it is this same code that is planned to be used as the connectivity layers for the IGF Attribute Service.

What this project will do is add additional service layers such as policy, transformation, discovery, routing, and a developer API that can be embedded into IDE's (e.g. Eclipse, Netbeans, and so on).

Post a Comment