Saturday, March 14, 2009

Building Internet Identity (WWDS Pt 2)

Last week, I responded to Dave Kearn's article "How a universal directory might work". I commented that there does not need to be some centralized service managed by one or a few vendors to unify directories or virtual directories. Rather, the solution needs to be akin to the kind of thing that created the Internet itself, TCP/IP's stack architecture.

Project Aristotle is the beginning of one such "stack" for identity services. Project Aristotle uses CARML (Client Attribute Requirements Markup Language) to act as an application's identity object model for identity services. When an application has declared an identity data model, it becomes possible to have a technology "stack" that can service an application's requirements in a protocol neutral way -- much the same way that TCP/IP could interconnect networks across many different types of media. Because the services layers below the application can understand the application's requirements (from the CARML data object model), they can begin to automate the complex processing it takes to map, route, and adapt to the necessary wire protocols. Further, this stack can also service other components of an application server, namely authentication and authorization services - bringing disperate components together to use a common identity service.

Aside: The idea of using an identity object information model for application development may seem radical and new. But actually, this has been done before in the database world.
TopLink is an object-relational mapping package that was developed for SmallTalk and later Java. Learning from TopLink, means we can move ahead with a proven programming concept combined with proven technology such as virtual directories that can act as just one possible implementation of many in an open identity market.

For Oracle, Project Aristotle will make it much easier to develop applications that can use almost any type of identity service at a much lower cost, and with a lot more flexibility and reliability. More importantly it gives the businesses that deploy these applications, the ability to decide what protocols, policies, and technology systems are most appropriate for their enterprise environment without requiring customization of the application. Application developers are freed from having to become expert in many different types of identity services infrastructures and protocols. After-all developers shouldn't need to have a deep knowledge of identity protocols - they should be able to just use a well tested, easy-to-use stack-based approach that allows any vendor or open source technology to be used.

Project Aristotle is being developed at OpenLiberty. While OpenLiberty is receiving major contributions from Oracle, Project Aristotle is being developed in an open community of participants. Accordingly Project Aristotle (ArisID) welcomes and encourages contributions to this project! All that is required is the signing of the Apache CLA agreement. Oh, and by the way, if anyone wants to work on other programming language bindings for Project Aristotle, we're looking for that too!

Isn't it interesting that all this started from a desire to improve the transparency about how applications use identity-related information and to create Identity Governance within applications. The side-effect of governance, has been a new approach for dramatically improved identity services in the future!

No comments:

Post a Comment