A Common API & UI for Building Next Generation Identity Services
DESCRIPTION
Presented by Jamie Nelson, VP of Engineering, ForgeRock and Jonathan Scudder, OpenAM Architect and ForgeRock Co-Founder at ForgeRock Open Identity Summit, June 2013
TRANSCRIPT
Open Identity Summit
The Young and the RESTless
Jonathan Scudder, Jamie Nelson
Stack Architecture
Resource Oriented
RESTful
API
API: How we share data and functionality with developers and businesses
APIs have been around ‘forever’
Usage and significance have changed dramatically over recent years
Shift towards external developers and users
API vs SOA
Killer Argument
Why are we aligning our APIs?
Is REST a good enough argument by itself?
Don’t our current APIs do enough?
#1 Real Stack
#2 Boundary Blur
~ 70% of enterprises building private cloud
~ 40% of enterprises building public and hybrid cloud.
(Survey by IDC, September 2012)
Mobile Social Cloud Enterprise
#3 Integration Power
Create
Read
Update
Delete
Patch
Action
Query
Granular control, simple interface
Standard set of operations (CRUDPAQ), different inputs & outputs
Primarily JSON representation
Attractive non-functional tools and techniques with HTTP
ROA + REST + JSON
CREST example
/json/subrealm/users/?_action=create
$ curl --request POST --header "iplanetDirectoryPro: AQIC5w..." \
  --header "Content-Type: application/json" \
  --data '{
    "name": "bjensen",
    "userpassword": "secret12",
    "mail": "[email protected]"
  }' \
  https://openam.example.com:8443/openam/json/users/?_action=create
CREST response
{
  "name": "bjensen",
  "realm": "/",
  "uid": [
    "bjensen"
  ],
  "mail": [
  ],
  "userpassword": [
    "{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="
  ],
  "dn": [
    "uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org"
  ],
  ...
API strategy - local
API strategy - stack
Problem
Too many different complicated UI Frameworks
Roots from Sun
Big company UI strategy churn
Developers learning new frameworks
Customers are locked in
Simple modifications overly complex
Leads to heavyweight API just for the UI
Complex Frameworks
Years to learn
Takes an expert to make changes
No consistency between API, CLI, over the wire
Complexity requires an abstraction layer
Isolates the UI from Command Line and other APIs
Scripting is impossible
ForgeRock User Interfaces
YUI/Click
Jato
JSF/Ice Faces
JSP Admin
Java Swing
Open Identity Stack UI Model
Single UI model for all products
Built on ForgeRock REST (CREST)
Common UIs for:
User management
Registration and Self Service
Login and Password Reset
Build on shared services for Authentication
ForgeRock UI Model
jQuery (Needs a little help)
Backbone.js + Require.js (Modular)
Handlebars.js (Templating)
Underscore.js (Utility library)
Less.js (CSS preprocessor)
Built on ForgeRock REST and Common Services
Caters to the web developers of today
Two different models for ForgeRock UIs
Admin and Configuration
Used primarily by Administrators
UI not typically customized
Configuration for product services
Dynamically rendered based on server JSON schema
REST APIs for custom applications
Adding new services dynamically rendered
Customers not expected to modify more than CSS
End User
Primarily seen by end users
Simple HTML Templates
Read in by JavaScript and embedded in the UI
Rendered with site-wide styles/CSS
Simple syntax for embedding dynamic values
Separates business logic from display
Simple to modify without breaking the UI
Easy to patch and upgrade
Authentication
POST: http://www.idp.com:8888/openam/json/auth/1/authenticate
QueryString Params:
username: tom
password: 11111111
Response: { "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcIr2TG …" }
Registration/Create
POST: http://www.idp.com:8888/openam/json/user/?_action=create
{ "userName":"tom","email":"[email protected]","givenName":"Tom","familyName":"Petty","securityQuestion":"1","securityAnswer":"damn the torpedoes",…}
Response: { "dn":["uid=tom,ou=people,dc=openam,dc=forgerock,dc=org"]…}
Get UserID from Session
POST: http://www.idp.com:8888/openam/json/users/?_action=idFromSession
Header: "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"
Response: {"id":"tom", "realm":"/", "dn":"id=tom,ou=user,dc=openam,dc=forgerock,dc=org"}
Get User Profile
GET: http://www.idp.com:8888/openam/json/users/tom
Header: "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"
Response: { "name":"tom", "realm":"/", "uid":["tom"], "mail":["[email protected]"], "sn":["Petty"], "givenname":["Tom"] }
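The three calls on the preceding slides (authenticate, idFromSession, read profile) chained into one client flow, as an added example that is not from the original slides or from ForgeRock code. It assumes the session token travels in the iplanetDirectoryPro header used on the curl slide; fake_send is a constructed in-memory stand-in for the server so the flow runs offline.

```python
import json
from urllib.parse import quote, urlencode

BASE = "http://www.idp.com:8888/openam"   # base URL as shown on the slides
TOKEN_HEADER = "iplanetDirectoryPro"      # from the curl slide; assumed for every call

def fake_send(log):
    """Constructed in-memory transport: records requests, replies like the slides."""
    def send(method, url, headers=None):
        headers = headers or {}
        log.append((method, url, dict(headers)))
        if "/json/auth/1/authenticate" in url:
            return {"tokenId": "CONSTRUCTED-TOKEN"}   # constructed sample value
        if headers.get(TOKEN_HEADER) != "CONSTRUCTED-TOKEN":
            raise PermissionError("missing or invalid session token")
        if url.endswith("?_action=idFromSession"):
            return {"id": "tom", "realm": "/"}
        return {"name": url.rsplit("/", 1)[1], "realm": "/", "uid": ["tom"]}
    return send

def fetch_own_profile(send, username, password):
    """Authenticate, resolve the session's user id, then read that profile."""
    # Step 1: the slide passes the credentials as query-string parameters.
    creds = urlencode({"username": username, "password": password})
    reply = send("POST", f"{BASE}/json/auth/1/authenticate?{creds}")
    token = reply.get("tokenId")
    if not token:
        raise ValueError("authentication reply carried no tokenId")
    auth = {TOKEN_HEADER: token}   # the token goes in a header, never in a URL
    # Step 2: ask the server which user this session belongs to.
    ident = send("POST", f"{BASE}/json/users/?_action=idFromSession", auth)
    # Step 3: percent-encode the id so it cannot add path segments or parameters.
    return send("GET", f"{BASE}/json/users/{quote(ident['id'], safe='')}", auth)

if __name__ == "__main__":
    log = []
    print(json.dumps(fetch_own_profile(fake_send(log), "tom", "11111111")))
```

To use it against a real deployment, replace fake_send with a function of the same signature that performs the HTTP request and returns the decoded JSON body.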
Extending End User Pages
<div class="column1">
  <div class="field">
    <label class="light">{{t "common.user.postalCode"}}</label>
    <input type="text" name="postalCode" />
    <div class="validation-message"></div>
  </div>
</div>
<div class="column2">
  <div class="field">
    <label class="light">{{t "common.user.city"}}</label>
    <input type="text" name="city" />
    <div class="validation-message"></div>
  </div>
</div>
Single Shared Model
ForgeRock Services
ForgeRock REST
ForgeRock UI
Application Scripting
Q & A