Published by Christopher Higgins. Modified over 6 years ago.

The FederID project
Sébastien BAHLOUL, LINAGORA
5 April 2006 – ObjectWeb Meeting – Grenoble

Table of contents

- What is it?
- Target audience
- Technical goals
- Core components:
  - Presentation
  - Architectures
  - Status / TODO
- Project planning
- The communities, the project and ObjectWeb

What is it?

Target audience of the project

Administrations:
- How to manage my employees' identities?
- How to offer services to other well-known administrations, companies, associations, etc.?
- How to offer services with other public entities for the citizens (SSO, global registration, etc.)?
- How to manage identity federation while respecting privacy (avoiding a unique global identifier)?

Private companies:
- How may I share services with my partners without giving them all my clients' files?
- How to offer higher confidence in online transactions by federating instead of aggregating information?

Technical goals

Now, respect standards:
- LDAP:
  - Advanced Access Control List system (AACLs)
  - Standard JNDI / JLDAP integration
- DSML:
  - Through OpenLDAP (ex-Novell) API
- Liberty Alliance:
  - Native ID-FF 1.2 and ID-WSF implementation (LASSO)

And SSO usage:
- HTTP request headers (LemonLDAP)
- Support any authentication method (password, X509v3, biometrics, RADIUS, etc.)

Technical goals

In the future:
- Implementation:
  - SAMLv2: as Identity and Service Provider in a circle of trust
  - SPML: to enable interaction between systems and applications that support provisioning through this markup language
- Proposal:
  - LDAP Query Language (LQL): extends the LDAP simple query standard

What are the core components?

- InterLDAP: identity management (directory and access control models, web and web service interfaces, data management)
  - Written in Java on top of Tomcat
- LASSO: library that supports Liberty Alliance standards (identity federation, SSO, attribute sharing)
  - Written in C on top of libxml2 and OpenSSL
- LemonLDAP: Single Sign-On reverse proxy providing HTTP request headers to applications
  - Written in Perl as an Apache handler

InterLDAP architecture

InterLDAP directory organization sample

LASSO architecture

LemonLDAP architecture

InterLDAP status

OK:
- Registration process
- Dynamic access control model
- Availability of generic interfaces
- Dynamic notification of modified information

KO:
- Only generic interfaces available
- Special developments done in OpenLDAP (extended referrals, etc.)
- Data selection API
- Design errors linked to the monolithic nature of the project

InterLDAP status

TODO:
- Rewrite parts of the project:
  - AACLs as an OpenLDAP overlay and as an Apache DS module
  - Rewrite the LDAP connection pool
  - Define how to manage generic and specialized web interfaces
- Improve the LDAP Simple Connector sub-project into a true meta-directory with connectors to (and from):
  - Systems and other directories (AD, eDirectory, etc.)
  - Databases
- Include nice features like:
  - SASL delegation
  - Proxy authorization
  - X509v3
  - SPML

LASSO status

OK:
- Liberty Alliance standard implementation
- Interaction with other products
- Multi-language bindings through SWIG

KO:
- Ease of use
- Documentation

TODO:
- Implement SAMLv2 support
- Integrate LASSO with LemonLDAP to create a Service Provider
- Integrate LASSO with InterLDAP to create an Identity Provider

LemonLDAP status

OK:
- Tested and functional with compatible applications
- 2 years of production experience

KO:
- Scalability of the original version (use of a relational DB)
- Ease of deployment (LemonLDAP server side)
- Directory model integration
- Documentation

TODO:
- Improve documentation
- Improve integration of new instances
- Include a better directory query engine

Project planning

The community, the project and ObjectWeb

The communities are, at this time, small (fewer than 20 people).

The project:
- Offers one kind of solution to a variety of issues around identity management and federation
- Is the only Open Source project to solve most of the issues mentioned (to our knowledge)
- Is Open Source and aims to be highly configurable and easy to integrate

ObjectWeb:
- Involved in the FederID project as incubator
- Using different components like Enhydra Octopus, Shark & JaWE, JOTM

Questions?

Thanks to ...

- My company, LINAGORA, which supports part of the development of InterLDAP
- Entr'ouvert, Thales DSV and ISTASE, which trusted us to launch the project
- Clément Oudot, who has improved this presentation a lot
- Jean-Baptiste Nataf and Alexandre d'Alton, without whom InterLDAP would never have been started
- And many others, for their advice, patches, etc.
- And you, architects from the ObjectWeb consortium, for your questions and points of view