A Common API & UI for Building Next Generation Identity Services
Presented by Jamie Nelson, VP of Engineering, ForgeRock, and Jonathan Scudder, OpenAM Architect and ForgeRock Co-Founder, at ForgeRock Open Identity Summit, June 2013
Open Identity Summit
The Young and the RESTless
Jonathan Scudder, Jamie Nelson
Stack Architecture
Resource Oriented
RESTful
API
API: How we share data and functionality with developers and businesses
APIs have been around ‘forever’
Usage and significance has changed dramatically over recent years
Shift towards external developers and users
API vs SOA
Killer Argument
Why are we aligning our APIs?
Is REST a good enough argument by itself?
Don’t our current APIs do enough?
#1 Real Stack
#2 Boundary Blur
~ 70% of enterprises building private cloud
~ 40% of enterprises building public and hybrid cloud.
(Survey by IDC, September 2012)
Mobile Social Cloud Enterprise
#3 Integration Power
Create
Read
Update
Delete
Patch
Action
Query
Granular control, simple interface
Standard set of operations (CRUDPAQ), different inputs & outputs
Primarily JSON representation
Attractive non-functional tools and techniques with HTTP
ROA + REST + JSON
CREST example
/json/subrealm/users/?_action=create
    $ curl --request POST --header "iplanetDirectoryPro: AQIC5w..." \
        --header "Content-Type: application/json" \
        --data '{
            "name": "bjensen",
            "userpassword": "secret12",
            "mail": "[email protected]"
        }' \
        "https://openam.example.com:8443/openam/json/users/?_action=create"
CREST response
    {
        "name": "bjensen",
        "realm": "/",
        "uid": [
            "bjensen"
        ],
        "mail": [
        ],
        "userpassword": [
            "{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="
        ],
        "dn": [
            "uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org"
        ],
        ...
API strategy - local
API strategy - stack
Problem
Too many different, complicated UI frameworks
Roots from Sun
Big company UI strategy churn
Developers learning new frameworks
Customers are locked in
Simple modifications overly complex
Leads to heavyweight API just for the UI
Complex Frameworks
Years to learn
Takes an expert to make changes
No consistency between API, CLI, over the wire
Complexity requires an abstraction layer
Isolates the UI from Command Line and other APIs
Scripting is impossible
ForgeRock User Interfaces
YUI/Click
Jato
JSF/Ice Faces
JSP Admin
Java Swing
Open Identity Stack UI Model
Single UI model for all products
Built on ForgeRock REST (CREST)
Common UIs for:
User management
Registration and Self Service
Login and Password Reset
Build on shared services for Authentication
ForgeRock UI Model
jQuery (Needs a little help)
Backbone.js + Require.js (Modular)
Handlebars.js (Templating)
Underscore.js (Utility library)
Less.js (CSS preprocessor)
Built on ForgeRock REST and Common Services
Caters to the web developers of today
Two different models for ForgeRock UIs
Admin and Configuration
Used primarily by Administrators
UI not typically customized
Configuration for product services
Dynamically rendered based on server JSON schema
REST APIs for custom applications
Adding new services dynamically rendered
Customers not expected to modify more than CSS
End User
Primarily seen by end users
Simple HTML Templates
Read in by JavaScript and embedded in the UI
Rendered with site-wide styles/CSS
Simple syntax for embedding dynamic values
Separates business logic from display
Simple to modify without breaking the UI
Easy to patch and upgrade
Authentication
POST:
http://www.idp.com:8888/openam/json/auth/1/authenticate
QueryString Params: username: tom, password: 11111111
Response: { "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcIr2TG …" }
Registration/Create
POST:
http://www.idp.com:8888/openam/json/user/?_action=create
{ "userName": "tom", "email": "[email protected]", "givenName": "Tom", "familyName": "Petty", "securityQuestion": "1", "securityAnswer": "damn the torpedoes", … }
Response: { "dn": ["uid=tom,ou=people,dc=openam,dc=forgerock,dc=org"] … }
Get UserID from Session
POST:
http://www.idp.com:8888/openam/json/users/?_action=idFromSession
Header: "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"
Response: { "id": "tom", "realm": "/", "dn": "id=tom,ou=user,dc=openam,dc=forgerock,dc=org" }
Get User Profile
GET:
http://www.idp.com:8888/openam/json/users/tom
Header: "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"
Response: { "name": "tom", "realm": "/", "uid": ["tom"], "mail": ["[email protected]"], "sn": ["Petty"], "givenname": ["Tom"] }
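The authenticate, idFromSession and profile calls on these slides chain into one end-user flow. The sketch below is an added example, not ForgeRock code: `fetch_profile`, the `send` transport callable and `fake_send` are hypothetical names, the token header name is taken from the curl slide and is an assumption for these calls, and the replayed responses are constructed from the slides.

```python
import json
from urllib.parse import quote, urlencode

BASE = "http://www.idp.com:8888/openam/json"   # base URL as shown on the slides
TOKEN_HEADER = "iplanetDirectoryPro"           # from the curl slide; assumed for these calls

def fetch_profile(send, username, password, base=BASE):
    """Authenticate, resolve the session to a user id, then read that profile.

    `send(method, url, headers)` is a hypothetical transport that returns the
    response body as text; swap in a real HTTP client to talk to a server.
    """
    # 1. Authenticate: the slide passes the credentials as query-string parameters.
    creds = urlencode({"username": username, "password": password})
    auth = json.loads(send("POST", f"{base}/auth/1/authenticate?{creds}", {}))
    token = auth.get("tokenId")
    if not token:
        raise PermissionError("authentication returned no tokenId")
    headers = {TOKEN_HEADER: token}
    # 2. Ask the server which user owns the session instead of trusting client input.
    who = json.loads(send("POST", f"{base}/users/?_action=idFromSession", headers))
    # 3. Read the profile; quote() keeps an unexpected id from altering the URL path.
    url = f"{base}/users/{quote(who['id'], safe='')}"
    profile = json.loads(send("GET", url, headers))
    # Profile attributes are multi-valued (JSON arrays); keep the first value of each.
    return {k: (v[0] if isinstance(v, list) and v else v) for k, v in profile.items()}

def fake_send(calls):
    """Constructed transport replaying slide-shaped responses; records each call."""
    def send(method, url, headers):
        calls.append((method, url.split("?")[0], dict(headers)))  # recorded without query string
        if url.split("?")[0].endswith("/authenticate"):
            return '{"tokenId": "CONSTRUCTED-TOKEN"}'
        if headers.get(TOKEN_HEADER) != "CONSTRUCTED-TOKEN":
            raise PermissionError("missing or wrong session token")
        if "_action=idFromSession" in url:
            return '{"id": "tom", "realm": "/"}'
        return '{"name": "tom", "realm": "/", "uid": ["tom"], "sn": ["Petty"], "givenname": ["Tom"]}'
    return send

if __name__ == "__main__":
    log = []
    print(fetch_profile(fake_send(log), "tom", "11111111"))
    for call in log:
        print(call)
```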
Extending End User Pages
    <div class="column1">
        <div class="field">
            <label class="light">{{t "common.user.postalCode"}}</label>
            <input type="text" name="postalCode" />
            <div class="validation-message"></div>
        </div>
    </div>
    <div class="column2">
        <div class="field">
            <label class="light">{{t "common.user.city"}}</label>
            <input type="text" name="city" />
            <div class="validation-message"></div>
        </div>
    </div>
Single Shared Model
ForgeRock Services
ForgeRock REST
ForgeRock UI
Application Scripting
Q & A