A Common API & UI for Building Next Generation Identity Services

Open Identity Summit. The Young and the RESTless. Jonathan Scudder, Jamie Nelson

Upload: forgerock

Post on 11-May-2015

DESCRIPTION

Presented by Jamie Nelson, VP of Engineering, ForgeRock and Jonathan Scudder, OpenAM Architect and ForgeRock Co-Founder at ForgeRock Open Identity Summit, June 2013

TRANSCRIPT

Page 1: A Common API & UI for Building Next Generation Identity Services

Open Identity Summit

The Young and the RESTless

Jonathan Scudder, Jamie Nelson

Page 2

Stack Architecture

Resource Oriented

RESTful

API

Page 3

API: How we share data and functionality with developers and businesses

APIs have been around ‘forever’

Usage and significance has changed dramatically over recent years

Shift towards external developers and users

API vs SOA

Page 4

Killer Argument

Why are we aligning our APIs?

Is REST a good enough argument by itself?

Don’t our current APIs do enough?

Page 5

#1 Real Stack

Page 6

#2 Boundary Blur

~ 70% of enterprises building private cloud

~ 40% of enterprises building public and hybrid cloud.

(Survey by IDC, September 2012)

Mobile Social Cloud Enterprise

Page 7

#3 Integration Power

Create

Read

Update

Delete

Patch

Action

Query

Granular control, simple interface

Standard set of operations (CRUDPAQ), different inputs & outputs

Primarily JSON representation

Attractive non-functional tools and techniques with HTTP

ROA + REST + JSON

Page 8

CREST example

/json/subrealm/users/?_action=create

# Create user bjensen; the iplanetDirectoryPro header carries the caller's session token (truncated on the slide)
$ curl --request POST \
    --header "iplanetDirectoryPro: AQIC5w..." \
    --header "Content-Type: application/json" \
    --data '{
      "name": "bjensen",
      "userpassword": "secret12",
      "mail": "[email protected]"
    }' \
    "https://openam.example.com:8443/openam/json/users/?_action=create"

Page 9

CREST response

{
  "name": "bjensen",
  "realm": "/",
  "uid": [
    "bjensen"
  ],
  "mail": [
    "[email protected]"
  ],
  "userpassword": [
    "{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="
  ],
  "dn": [
    "uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org"
  ],
  ...

Page 10

API strategy - local

Page 11

API strategy - stack

Page 12

Problem

Too many different, complicated UI frameworks

Roots from Sun

Big company UI strategy churn

Developers learning new frameworks

Customers are locked in

Simple modifications overly complex

Leads to heavyweight API just for the UI

Page 13

Complex Frameworks

Years to learn

Takes an expert to make changes

No consistency between API, CLI, over the wire

Complexity requires an abstraction layer

Isolates the UI from Command Line and other APIs

Scripting is impossible

Page 14

ForgeRock User Interfaces

YUI/Click

Jato

JSF/Ice Faces

JSP Admin

Java Swing

Page 15

Open Identity Stack UI Model

Single UI model for all products

Built on ForgeRock REST (CREST)

Common UIs for:

User management

Registration and Self Service

Login and Password Reset

Build on shared services for Authentication

Page 16

ForgeRock UI Model

jQuery (Needs a little help)

Backbone.js + Require.js (Modular)

Handlebars.js (Templating)

Underscore.js (Utility library)

Less.js (CSS preprocessor)

Built on ForgeRock REST and Common Services

Caters to the web developers of today

Two different models for ForgeRock UIs

Page 17

Admin and Configuration

Used primarily by Administrators

UI not typically customized

Configuration for product services

Dynamically rendered based on server JSON schema

REST APIs for custom applications

Adding new services dynamically rendered

Customers not expected to modify more than CSS

Page 18

End User

Primarily seen by end users

Simple HTML Templates

Read in by JavaScript and embedded in the UI

Rendered with site wide styles/CSS

Simple syntax for embedding dynamic values

Separates business logic from display

Simple to modify without breaking the UI

Easy to patch and upgrade

Page 19

Page 20

Authentication

POST: http://www.idp.com:8888/openam/json/auth/1/authenticate

QueryString Params:
username: tom
password: 11111111

Response: { "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcIr2TG …" }

Page 21

Page 22

Registration/Create

POST: http://www.idp.com:8888/openam/json/user/?_action=create

{ "userName": "tom", "email": "[email protected]", "givenName": "Tom", "familyName": "Petty", "securityQuestion": "1", "securityAnswer": "damn the torpedoes", … }

Response: { "dn": ["uid=tom,ou=people,dc=openam,dc=forgerock,dc=org"] … }

Page 23

Page 24

Get UserID from Session

POST: http://www.idp.com:8888/openam/json/users/?_action=idFromSession

Header: "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"

Response: { "id": "tom", "realm": "/", "dn": "id=tom,ou=user,dc=openam,dc=forgerock,dc=org" }

Page 25

Get User Profile

GET: http://www.idp.com:8888/openam/json/users/tom

Header: "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"

Response: { "name": "tom", "realm": "/", "uid": ["tom"], "mail": ["[email protected]"], "sn": ["Petty"], "givenname": ["Tom"] }
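The calls on slides 8, 9 and 20 to 25 carry a password in the query string, a password hash in the create response, a security answer in the registration body, and session tokens in headers and responses. The JavaScript below is an added example, not part of the presentation or ForgeRock's code, showing one way to mask those values before requests and responses are written to a log; the function names and all sample values are constructed.

```javascript
// Added example: make CREST requests/responses safe to log. Field, parameter and
// header names come from the slides; function names and sample values are constructed.
const MASK = "REDACTED";
const SECRET_FIELDS = new Set(["password", "userpassword", "securityanswer", "tokenid"]);
const SECRET_HEADERS = new Set(["iplanetdirectorypro", "tokenid"]);

// Mask secret query-string parameters (e.g. password on .../authenticate).
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const key of [...url.searchParams.keys()]) {
    if (SECRET_FIELDS.has(key.toLowerCase())) url.searchParams.set(key, MASK);
  }
  return url.toString();
}

// Recursively mask secret JSON members, including multi-valued attributes.
function redactBody(value) {
  if (Array.isArray(value)) return value.map(redactBody);
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, inner] of Object.entries(value)) {
    out[key] = SECRET_FIELDS.has(key.toLowerCase()) ? MASK : redactBody(inner);
  }
  return out;
}

// Mask session-token headers; header names are compared case-insensitively.
function redactHeaders(headers = {}) {
  const out = {};
  for (const [name, v] of Object.entries(headers)) {
    out[name] = SECRET_HEADERS.has(name.toLowerCase()) ? MASK : v;
  }
  return out;
}

// Produce a log-safe copy of one request or response record.
function redactExchange({ method, url, headers, body }) {
  return { method, url: redactUrl(url), headers: redactHeaders(headers), body: redactBody(body) };
}

// Constructed sample traffic shaped like the slides' authenticate and create calls.
const SAMPLE = [
  { method: "POST", url: "http://www.idp.com:8888/openam/json/auth/1/authenticate?username=tom&password=11111111",
    headers: {}, body: { tokenId: "AQIC5w-constructed-token" } },
  { method: "POST", url: "https://openam.example.com:8443/openam/json/users/?_action=create",
    headers: { iplanetDirectoryPro: "AQIC5w-constructed-token" },
    body: { name: "bjensen", userpassword: ["{SSHA}constructed"], dn: ["uid=bjensen,ou=people"] } },
];
console.log(JSON.stringify(SAMPLE.map(redactExchange), null, 2));
```

Non-secret members such as name, dn and username pass through unchanged, so the redacted records stay useful for troubleshooting.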

Page 26

Extending End User Pages

Page 27

Extending End User Pages

<!-- Postal code field: the input name matches its label key -->
<div class="column1">
  <div class="field">
    <label class="light">{{t "common.user.postalCode"}}</label>
    <input type="text" name="postalCode" />
    <div class="validation-message"></div>
  </div>
</div>
<!-- City field -->
<div class="column2">
  <div class="field">
    <label class="light">{{t "common.user.city"}}</label>
    <input type="text" name="city" />
    <div class="validation-message"></div>
  </div>
</div>

Page 28

Page 29

Single Shared Model

ForgeRock Services

ForgeRock REST

ForgeRock UI

Application Scripting

Page 30

Q & A
