


Difference between revisions of "Architecture"

(Components)
(the "Architecture" should be generalized and not project specific)
(64 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This page describes the core components of the planned 1.0 Higgins architecture.
+
'''Architecture''' may refer to:
===Higgins Consumers===
+
Client apps and services that use these core components are expected to include:
+
* [[Higgins Browser Extension]]
+
* "Relying Party" websites that will consume identity data provided by Higgins-based services. These would use at least the "RP Enablement" component mentioned below
+
* Enterprise apps that could potentially rely on the Higgins I-Card Selector service and/or UI, and/or the [[Identity Attribute Service]]
+
===Components===
+
''Note: In this diagram "PI" means a plug-in.'' <br>
+
[[Image:Higgins-v27.JPG]]
+
  
# [[RP Enablement]]
+
== Eclipse Foundation ==
# [[I-Card Manager]]: Provides a web-based management interface to the user's i-cards and underlying context data (if any). This app is accessed by pressing a button embedded in the browser's toolbar.
+
* [[Architecture Council]]
# [[HBX Support]]: Back end service to support non-authentication related web integration approaches and protocols supported by the [[Higgins Browser Extension]].
+
# [[ISS Web UI]]: In deployments where the [[Higgins Browser Extension]] uses a remote ISS service, this webapp provides the I-Card Selector UI web pages that are displayed by the [[Higgins Browser Extension]] allowing the user to select a matching i-card from among those that match the relying party's policy, approve the release of its associated [[Digital Identity]], and allow the user to create their own self-asserted i-cards.
+
# [[ISS Client UI]]: In deployments where the [[Higgins Browser Extension]] uses a local ISS service, this rich client provides the I-Card Selector UI and the same features mentioned under #5 above.
+
# [[I-Card Selector Service]] (ISS): ISS negotiates between relying party and identity provider(s) in order for the user to gain access to the services at the relying party. It does this by finding matches between the claims required by policy of the relying party and the claims in available i-cards. As controlled by the policy on these i-cards it uses the ISS UI & HBX Support component to provide a consistent user interface for the selection and release of claims under the supervision of the user. It keeps track of which relying sites and/or services to which the user has released [[Digital Identity|Digital Identities]].
+
# [[I-Card Registry]]: Manages the user's set of i-cards each of which is implemented by an I-Card Provider (plug-in) implementation.
+
# [[I-Card Provider]]: Some implementation aspects, especially claim mapping, of I-Cards being matched in ISS and presented in the ISS UI components are implemented by ''[[I-Card Provider]]s''. Some [[I-Card Provider]]s consume attributes from [[Digital Subject|Digital Subjects]] in [[Context|Contexts]] managed by IdAS, and maps them to the normalized claim "namespace" used by ISS. Other I-Card Providers are facades over remote Identity Providers. I-Card Providers are responsible for importing and exporting I-Cards to Higgins-defined formats as well as formats used by Microsoft CardSpace and other identity systems.
+
# [[Attribute-Claim Mapping]]: Used by the [[I-Card Provider]] to map attributes (e.g. those from IdAS) into claims that will be transformed and/or digitally signed by a [[Token Provider]].
+
# [[Token Service]]: The Token Service creates relying party [[Digital Identity|Digital Identities]] from claim data. Claims can either be "pushed" (passed) by the I-Card Provider to the [[Token Service]] and passed in turn to a [[Token Provider]], or the [[Token Issuer]] can "pull" (retreive) claim data from the I-Card Provider.
+
# [[Token Provider]]: The Token Issuer relies on Token Provider (plug-ins) for packaging and signing of specific kinds of security tokens.
+
# [[Identity Attribute Service]] (IdAS): To support a dynamic environment where sources of identity information may change, it is necessary to provide a common means to access identity and attribute information from across multiple identity repositories. The IdAS virtualizes identity sources and provides a unified view of identity information. IdAS includes services such as: open initial [[Context]], open other [[Context|Contexts]] from the initial or other contexts, negotiate/broker authentication during opening of contexts, navigate the contents of an opened context and inspect contained [[Digital Subject]]s and their attributes, edit attributes (as allowed by the context's policies), associate of [[Digital Subject]]s within and across contexts, creation of new contexts, support management of the attributes of [[Digital Subject]]s linked within and across [[Context]]s. The IdAS API will be accessible via Java and other languages as well as via WSDL and HTTP/XML.
+
# [[Context Provider]]: A [[Context Provider]] adds support for one or more kinds of [[Context]]s to the Higgins framework. These [[Context]]s contain [[Digital Subject]]s that hold [[Identity Attribute]]s. A context provider is responsible for its internal data management, security, encryption, persistence, etc. The provider provides the uni- or bi-directional transformation of data from its internal structures to the normalized IdAS data model. In many cases these [[Context Provider]]s act as adapters or "wrappers" of existing services such as communications systems, collaboration systems, social networks, identity providers, games, enterprise apps, and so on. In addition to web services, [[Context Provider]]s can also adapt client-side applications such as email clients, IM and other messaging and collaboration apps.. We plan to develop approximately 3-5 [[Context Provider]]s We expect that third parties may also choose to contribute [[Context Provider]] implementations to the project.
+
  
===Recent changes to the diagram===
+
== Projects ==
* v27: Renamed "Token Issuer" to "Token Service"
+
* [[Higgins Architecture]]
* v25-6: Rename i-card broker/manager to i-card manager; change line at top connected to ISS Web UI to red (to reflect a possible deployment option is that the ISS Web UI runs local (on same machine as browser))
+
* v24: Changed how "Attribute/Claim Mapping" component interconnects with Token Provider
+
* v23: Added a new component, "Attribute/Claim Mapping"; Changed Token Provider to (optionally) pull claim data from I-Card Provider (instead of directly from IdAS, as it had been in v22).
+
* v22: Split ISS into two: ISS and I-Card Registry; Renamed DI Provider Framework to Token Issuer; And renamed DI Issuer to Token Provider per discussion at most recent F2F. 
+
* v21: Removed the "contributed to Higgins" vs. "Higgins component" distinction; Added "optional" interconnect lines; renamed I-Card Broker to "I-Card Manager (Webapp)"; added annotation for I-Card File/Wire Format;
+
* v20: Renamed STS to DI Issuer Framework; Renamed Token Provider to DI Issuer; Added local/remote interconnect lines; removed HBX and other requesters (to separate diagram)
+
* v18-19: Interface to local STS moved to I-Card Providers (from ISS); Removed "Identity Provider" grey box at the top; Moved Relying Party from the top to its own "Relying Parties" area at the right. Moved lower grey IdP box into its own separate "Service Provider" area. Changed font to Bookman Old Style.
+
* v17: Added two new grey boxes: File Import & Export (of I-Cards), Remote IdP; added a line to show that I-Card Broker WebApp will use IdAS API directly
+
* v16: Added a line from "Local or Remote Enterprise Apps" to the top of "ISS UI (Rich Client)"; Also, added a new grey box: "Identity Provider (Issuer)"
+
* v15: Added "Browser" grey box<br/>
+
:Added in missing ISS UI (Rich Client) component --needed to mimic exactly<br/>
+
:CardSpace's WinXP-based architecture<br/>
+
:Connected the Relying Party to both the Browser and to HBX<br/>
+
:Removed End User Components, Developer, Enterprise -> simply added "Enterprise" to :large grey box text instead<br/>
+
:Removed the RCP Demo App entirely (retiring it)<br/>
+
:Switched the interconnecting lines style<br/>
+
:Split ISS UI & HBX Support into two separate components: ISS UI (WebApp) and HBX :Support<br/>
+
:Shortened Relying Party Tags & Impl to "Relying Party"
+
* v11-14: Added I-Card Providers to ISS; now I-Card Providers consume IdAS API not ISS; add "Enterprise" label
+
* v10: Added I-Card Broker Web App to diagram and text
+
* v9: Added to IdAS API: Local Language Bindings; added two directional arrows to/from STS; added a "gray" STS
+
* v8: Minor formatting tweaks.
+
* v7: Split Higgins core into "IdAS" and "Identity Selector Service", removed "root" Context Providers from diagram, added PAM integration, removed all color coding relating to development status, added "3rd party contributed" distinction/color. Higgins has now become just the name of the enclosing projects, but the component names no longer contain "Higgins".
+
* v6: Added two JAAS boxes
+
 
+
==See Also==
+
* [[Higgins Wiki]]
+
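Review bot: The replacement text keeps only a `* [[Higgins Architecture]]` link under "Projects" while the whole Higgins description is dropped (the "Higgins Consumers" list, the numbered "Components" list from [[RP Enablement]] through [[Context Provider]], and the diagram changelog), and nothing in this diff shows that text being carried over to the linked page. Please confirm the content was moved to [[Higgins Architecture]] before it was blanked here; otherwise the definitions of ISS, IdAS, Token Service and the provider plug-ins survive only in page history. If the text was moved, note that the numbered list contains the cross-reference "the same features mentioned under #5 above", which depends on list order and should be rechecked at its new location.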

Revision as of 10:25, 16 July 2008

Architecture may refer to:

Eclipse Foundation

Projects
