|
|
Line 2: |
Line 2: |
| A '''Deployment Configurations''' is a specific combination of [[Components]] that, when assembled and deployed result in an application or service that is identifiable to an end-user as a "whole" app or service. This page is intended to explain how to assemble building block [[Components]] into running apps and services. The intended audience is technical, but more about assembling, building and deploying, as opposed to "developing." | | A '''Deployment Configurations''' is a specific combination of [[Components]] that, when assembled and deployed result in an application or service that is identifiable to an end-user as a "whole" app or service. This page is intended to explain how to assemble building block [[Components]] into running apps and services. The intended audience is technical, but more about assembling, building and deploying, as opposed to "developing." |
| | | |
− | Deployment configurations documented here include web apps, web services, and some where some or all of the code runs on a local client machine. Some require the [[Higgins Browser Extension]] (aka HBX). Some have been deployed to Eclipse Foundation servers and can be used for testing and and development-related purposes. Examples include a CardSpace-compatible IdP service (what Microsoft would call a "Managed Card Provider" (not to be confused with our use of the term provider)), or a MediaWiki app that supports OpenID sign-in, etc.
| + | ==Pure Higgins Deployment Configurations== |
| | | |
− | ==Deployment Configurations==
| + | ; [[H1a Identity Agent Deployment]] : IA for Firefox |
| + | ; [[H1b Identity Agent Deployment]] : IA for IE |
| + | ; [[H2 Identity Agent Deployment]] : IA for Firefox on Linux and OSX |
| + | ; [[H3 Identity Agent Deployment]] : IA for Firefox on Linux, OSX and Windows |
| + | ; [[H4 Identity Agent Deployment]] : IA for RCP Apps |
| + | ; [[STS/IdP Deployment]] : STS/IdP service |
| + | ; [[IdAS Deployment]] : Identity Attribute Service |
| + | ; [[RP Site Deployment]] : Relying Party site |
| | | |
− | === Configuration Summary=== | + | ==Higgins-based Deployment Configurations== |
− | The following table is intended to give an overview of the various deployments by listing what Components comprise them.
| + | ; |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| + | |
− | |-style="background:#d6dee9; color:black"
| + | |
− | ! width="30%" border="1" align="left" valign="top" | Component Used
| + | |
− | ! width="10%" border="1" align="left" valign="top" | H1 IdA
| + | |
− | ! width="10%" border="1" align="left" valign="top" | H2 IdA
| + | |
− | ! width="10%" border="1" align="left" valign="top" | H3 IdA
| + | |
− | ! width="10%" border="1" align="left" valign="top" | H4 IdA
| + | |
− | ! width="10%" border="1" align="left" valign="top" | H5 IdA
| + | |
− | ! width="10%" border="1" align="left" valign="top" | IdP/STS
| + | |
− | ! width="10%" border="1" align="left" valign="top" | RP: RSS-SSE
| + | |
− | |-
| + | |
− | |[[Higgins Browser Extension]]
| + | |
− | |HBX makes SOAP calls to remote RPPS web app
| + | |
− | |PM execs native [[I-Card Selector]] '''(note 1)'''
| + | |
− | |HBX makes SOAP calls to local RPPS web app
| + | |
− | |HBX/PM execs native app
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[RP Enablement]]: [[RSS-SSE RP Test Application]]
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |yes
| + | |
− | |-
| + | |
− | |[[I-Card Manager]]
| + | |
− | |yes
| + | |
− | |not yet implemented
| + | |
− | |planned
| + | |
− | |not yet implemented
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[I-Card Selector]]
| + | |
− | |
| + | |
− | |in process P1
| + | |
− | |
| + | |
− | |
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |RPPS Webapp
| + | |
− | |yes
| + | |
− | |
| + | |
− | |yes
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |RPPS Core
| + | |
− | |yes
| + | |
− | |yes
| + | |
− | |yes
| + | |
− | |
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[I-Card Registry]]
| + | |
− | |yes
| + | |
− | |in process P2 '''(note 2)'''
| + | |
− | |yes
| + | |
− | |in process P1
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[CardSpace Managed I-Card Provider]]
| + | |
− | |yes
| + | |
− | |planned part of process P2
| + | |
− | |yes
| + | |
− | |in process P1
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[CardSpace Personal I-Card Provider]]
| + | |
− | |yes
| + | |
− | |in process P2
| + | |
− | |yes
| + | |
− | |in process P1
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[URI Managed I-Card Provider]]
| + | |
− | |yes
| + | |
− | |
| + | |
− | |yes
| + | |
− | |
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[URI Personal I-Card Provider]]
| + | |
− | |yes
| + | |
− | |
| + | |
− | |yes
| + | |
− | |
| + | |
− | |part of bundle set
| + | |
− | |
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[Token Service]]
| + | |
− | |yes
| + | |
− | |in process P2 (self-issued tokens)
| + | |
− | |yes
| + | |
− | |in process P1
| + | |
− | |part of bundle set
| + | |
− | |yes
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[Identity Attribute Service]]
| + | |
− | |yes
| + | |
− | |in process P2 (self-asserted attributes)
| + | |
− | |yes
| + | |
− | |in process P1
| + | |
− | |part of bundle set
| + | |
− | |yes
| + | |
− | |
| + | |
− | |-
| + | |
− | |[[JNDI Context Provider]]
| + | |
− | |yes
| + | |
− | |not yet implemented
| + | |
− | |yes
| + | |
− | |in process P1
| + | |
− | |part of bundle set
| + | |
− | |yes
| + | |
− | |
| + | |
− | |-
| + | |
− | |}
| + | |
− | Notes:
| + | |
− | #At present we've been using Kevin Miller's Perpetual Motion browser add-on to launch the ISSd daemon. Kevin's add-on uses an xp-com (native code) plug-in to launch a local Identity Agent (currently called ISSd). The plan is to incorporate equivalent functionality within HBX either by a fresh implementation or by getting Kevin to agree to contribute some of his code.
| + | |
− | #Process 2 is currently named "ISSd" it is a single native executable
| + | |
− | #How HBX directly talks to RPPS Core is still under discussion
| + | |
− | #H4 above is most similar to Microsoft CardSpace's architecture
| + | |
| | | |
− | ===H1 Identity Agent (HBX + remote process)===
| |
− | Local:
| |
− | * [[Higgins Browser Extension]] --uses embedded [[ISS Web UI]]
| |
− | Remote:
| |
− | * RPPS web service (see Building Blocks section)
| |
− | * I-Card Manager webapp (see Building Blocks section)
| |
− |
| |
− | ===H2 Identity Agent (HBX + local/remote native processes(2))===
| |
− | Local
| |
− | * [[Higgins Browser Extension]] --launches the [[ISS Client UI]]
| |
− | * [[ISS Client UI]] - relies on local RPPS web app
| |
− | Local or Remote:
| |
− | * RPPS web service (see Building Blocks section)
| |
− | * I-Card Manager webapp (see Building Blocks section)
| |
− |
| |
− | ===H3 Identity Agent (HBX + local java process)===
| |
− | Local:
| |
− | * [[Higgins Browser Extension]]
| |
− | * RPPS web service (see Building Blocks section)
| |
− | * I-Card Manager webapp (see Building Blocks section)
| |
− | * Requires local JVM, Tomcat (this is under discussion)
| |
− |
| |
− | ===H4 Identity Agent (HBX/PM + local native process)===
| |
− | Local:
| |
− | * [[Higgins Browser Extension]] --HBX or Perpetual Motion launches the executable
| |
− | * Single executable containing following:
| |
− | ** [[ISS Client UI]]
| |
− | ** [[I-Card Registry]]
| |
− | ** [[CardSpace Managed I-Card Provider]]
| |
− | ** [[CardSpace Personal I-Card Provider]]
| |
− | ** [[Identity Attribute Service]]
| |
− | ** ...others
| |
− |
| |
− | ===H5 Identity Agent (OSGI bundles)===
| |
− | Local:
| |
− | * Higgins core [[Components]] packaged as OSGI bundles (Eclipse plug-ins)
| |
− |
| |
− | ===CardSpace-interoperable Identity Provider/STS===
| |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| |
− | |-style="background:#d6dee9; color:black"
| |
− | ! width="40%" border="1" align="left" valign="top" | Deployment Configuration
| |
− | ! width="10%" border="1" align="left" valign="top" | OS
| |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| |
− | ! width="10%" border="1" align="left" valign="top" | Open
| |
− | ! width="10%" border="1" align="left" valign="top" | URL
| |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| |
− | |-
| |
− | |[[CardSpace-interoperable IdP/STS Deployment]]
| |
− | |
| |
− | |
| |
− | |WS-Trust<br>WS-Transfer
| |
− | |TBD
| |
− | |[https://higgins.eclipse.org/TokenService/index.html Token Service]
| |
− | |[[User:mikemci.us.ibm.com | Mike]]
| |
− |
| |
− | |}
| |
− | .
| |
− |
| |
− | ===RP Enablement: CardSpace-interoperable Relying Party Demo App===
| |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| |
− | |-style="background:#d6dee9; color:black"
| |
− | ! width="40%" border="1" align="left" valign="top" | Deployment Configuration
| |
− | ! width="10%" border="1" align="left" valign="top" | OS
| |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| |
− | ! width="10%" border="1" align="left" valign="top" | Open
| |
− | ! width="10%" border="1" align="left" valign="top" | URL
| |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| |
− | |-
| |
− | |[[CardSpace-interoperable RP Demo App]]
| |
− | |Fedora 5
| |
− | |JVM 5.0, Tomcat 5.x
| |
− | |CardSpace (X)HTML interaction type
| |
− | |TBD
| |
− | |[https://higgins.eclipse.org/RelyingPartyDemoApp site]
| |
− | |Bruce
| |
− | |}
| |
− | .
| |
− | ===RP Enablement: RSS-SSE RP Test Application===
| |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| |
− | |-style="background:#d6dee9; color:black"
| |
− | ! width="40%" border="1" align="left" valign="top" | Deployment Configuration
| |
− | ! width="10%" border="1" align="left" valign="top" | OS
| |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| |
− | ! width="10%" border="1" align="left" valign="top" | Open
| |
− | ! width="10%" border="1" align="left" valign="top" | URL
| |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| |
− | |-
| |
− | |[[RSS-SSE RP Test Application]] (WAR)
| |
− | |Fedora 5
| |
− | |JVM 5.0, Tomcat 5.x
| |
− | |WS, RSS-SSE
| |
− | |TBD
| |
− | |not currently available
| |
− | |[[User:sergey.parityinc.net | SergeiY]]
| |
− | |}
| |
− | .
| |
− |
| |
− | ==''Higgins-based'' Deployment Configurations==
| |
− | ''Higgins-based Deployment Configurations'' are configurations that incorporate non-Higgins 3rd party code (usually also open source) as well as one or more of the Higgins [[Components]]
| |
− |
| |
− | ===CardSpace-interoperable Identity Provider/STS===
| |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| |
− | |-style="background:#d6dee9; color:black"
| |
− | ! width="40%" border="1" align="left" valign="top" | Deployment Configuration
| |
− | ! width="10%" border="1" align="left" valign="top" | OS
| |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| |
− | ! width="10%" border="1" align="left" valign="top" | Open
| |
− | ! width="10%" border="1" align="left" valign="top" | URL
| |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| |
− | |-
| |
− | |[[CardSpace-interoperable IdP/STS Bandit Implementation]]
| |
− | |Open SUSE 10.2
| |
− | |JVM 5.0<br>Tomcat 5.0
| |
− | |WS-Trust<br>WS-Transfer
| |
− | |TBD
| |
− | |[http://wag.bandit-project.org Token Service]
| |
− | |[[User:dsanders.novell.com | Daniel]]
| |
− | |}
| |
− | .
| |
− |
| |
− | ==Building Blocks==
| |
− | The following sections describe services that are used by top level deployment configurations described in the previous sections.
| |
− |
| |
− | ===I-Card Manager Web App===
| |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| |
− | |-style="background:#d6dee9; color:black"
| |
− | ! width="40%" border="1" align="left" valign="top" | Deployment Configuration
| |
− | ! width="10%" border="1" align="left" valign="top" | OS
| |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| |
− | ! width="10%" border="1" align="left" valign="top" | Open
| |
− | ! width="10%" border="1" align="left" valign="top" | URL
| |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| |
− | |-
| |
− | |[[I-Card Manager Web Application]] (WAR) [[ICM PSF | ide]], [[Building I-Card Manager Application | cli]]
| |
− | |Fedora 5
| |
− | |JVM 5.0, Tomcat 5.x
| |
− | |WS
| |
− | |TBD
| |
− | |site
| |
− | |[[User:sergey.parityinc.net | SergeiY]]
| |
− | |}
| |
− | .
| |
− |
| |
− | ===RPPS Web Service===
| |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| |
− | |-style="background:#d6dee9; color:black"
| |
− | ! width="40%" border="1" align="left" valign="top" | Deployment Configuration
| |
− | ! width="10%" border="1" align="left" valign="top" | OS
| |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| |
− | ! width="10%" border="1" align="left" valign="top" | Open
| |
− | ! width="10%" border="1" align="left" valign="top" | URL
| |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| |
− | |-
| |
− | |[[RPPS Web Service]] (WAR)
| |
− | |Fedora 5
| |
− | |JVM 5.0, Tomcat 5.x
| |
− | |WS, RSS-SSE
| |
− | |TBD
| |
− | |WS endpoint
| |
− | |[[User:sergey.parityinc.net | SergeiY]]
| |
− | |}
| |
− | .
| |
| | | |
| ==Nightly Builds== | | ==Nightly Builds== |
Line 344: |
Line 40: |
| . | | . |
| | | |
− | ==Conventions Used on This Page== | + | ==Links== |
− | Each Deployment Configuration is documented by a table. In cases where this is a multi-row table, there should be a short paragraph on this page that describing how the multiple machines are used together. For example: if row/machine#1 is running Firefox with HBX and row/machine#2 is running the I-Card Manager then using the browser you'll be able to do <something>.
| + | |
− | | + | |
− | * The deployment owner is responsible for maintenance of this table
| + | |
− | * Each computer involved has its own row. This row describes that computer's configuration (OS, runtime, etc.).
| + | |
− | | + | |
− | Table Columns
| + | |
− | # '''Deployment Configuration''' - link to wiki page describing deployment configuration (see "Deployment Description" section below)
| + | |
− | # '''OS''' - OS that this machine either (a) runs on (see URL column) or (b) has been tested on. Put in parens the OS number if more than OS instance is involved
| + | |
− | # '''Runtime''' - Runtime environment for this machine (e.g. JVM & version, Tomcat & version, etc.)
| + | |
− | # '''Binding''' - how will the service running on this machine be consumed
| + | |
− | # '''Open''' - open enhancements and bugs (Bugzilla) for this deployment configuration: (Note: none are currently defined)
| + | |
− | # '''URL''' - endpoint that hosts a test version of the service (hosted by Eclipse Foundation)
| + | |
− | # '''Owner''' - person with overall responsibility for this deployment configuration (not individual components)
| + | |
− | | + | |
− | ===Example Table===
| + | |
− | {| class="wikitable" style="text-align:left; border="1" cellpadding="5" cellspacing="0"
| + | |
− | |-style="background:#d6dee9; color:black"
| + | |
− | ! width="30%" border="1" align="left" valign="top" | Deployment Configuration
| + | |
− | ! width="10%" border="1" align="left" valign="top" | OS
| + | |
− | ! width="10%" border="1" align="left" valign="top" | Runtime
| + | |
− | ! width="10%" border="1" align="left" valign="top" | Binding
| + | |
− | ! width="10%" border="1" align="left" valign="top" | Open
| + | |
− | ! width="10%" border="1" align="left" valign="top" | URL
| + | |
− | ! width="10%" border="1" align="left" valign="top" | Owner
| + | |
− | |-
| + | |
− | |CardSpace-interoperable IdP/STS
| + | |
− | |Open SUSE 10.2
| + | |
− | |JVM 5.0<br>Tomcat 5.0
| + | |
− | |WS-Trust<br>WS-Transfer
| + | |
− | |TBD
| + | |
− | |[http://wag.bandit-project.org Wag (IdP)]
| + | |
− | |[[User:dsanders.novell.com | Daniel]]
| + | |
− | |}
| + | |
− | | + | |
− | ===Deployment Description===
| + | |
− | This wiki page must contain the following sections:
| + | |
− | # Overview --describes briefly the service running on this machine
| + | |
− | # Assembly and Build
| + | |
− | #* A table with a row for each Higgins component required and a row for each non-Higgins component JAR, etc required. Each row has these columns:
| + | |
− | #*# Name of component/jar
| + | |
− | #*# Link to description --in the case of Higgins components and projects this should be a link to the [[Components]]page#<component-name> AND the row prefix (e.g. "A" or "B")
| + | |
− | # Deployment
| + | |
− | #* Deployment "hints": things you might have had to do to "configure" the files. For example the STS and LDAP CP have several configuration files that need to be explained a little for anyone wanting to replicate the deployment to their own servers. Another example: Tomcat configuration
| + | |
− | #* Any unusual steps related to configuring non-Higgins components
| + | |
− | The Assembly and Build instructions section would start off with a bulleted list of components and other external stuff that you'll need. We can include links to the various required rows on the Components page tables as we've started doing.
| + | |
− | | + | |
− | | + | |
− | ==See Also==
| + | |
| * [http://eclipse.org/higgins Higgins Home] | | * [http://eclipse.org/higgins Higgins Home] |
Though certainly not a "deployment" in the usual sense, the Higgins project automatically builds some of the Components every night.
.