Selector Architecture Harmonization
Since Selectors use most of the Higgins Components, work on harmonizing the Higgins selectors into a single architecture would be a huge step towards overall Higgins architecture harmonization/convergence.
A good first step in converging the selectors is to harmonize the GTK and Cocoa Selector with the AIR Client and Server. Aside from UI differences, the former performs all processing locally, whereas the latter presents a local UI but relies on a hosted server. The latter has the advantage of supporting roaming of cards as well as multiple simultaneous clients; the former has performance advantages. We'd like to get the best of both worlds with a converged architecture that synchronizes cards between the client and the server. The common code would live in a local "selector service" component that alternative UI layers can use.
Contents
- 1 Top Level Diagram
- 2 Phase 1
- 3 Phase 2
- 3.1 Local I-Card Service
- 3.2 I-Card Cache (Component Set)
- 3.3 Server Modifications
- 3.4 Card Sync Protocol
- 3.4.1 Transfer objects
- 3.4.1.1 BaseTO
- 3.4.1.2 RevisionTO
- 3.4.1.3 CardTO
- 3.4.1.4 MCardTO
- 3.4.1.5 PCardTO
- 3.4.1.6 ClaimTO
- 3.4.1.7 ClaimUiDescriptor
- 3.4.1.8 ClaimTypeTO
- 3.4.1.9 CardExtensionTO
- 3.4.1.10 StsPrivacyPolicyTO
- 3.4.1.11 TokenServiceTO
- 3.4.1.12 CredentialDescriptorTO
- 3.4.1.13 EndpointReferenceTO
- 3.4.1.14 CardHistoryTO
- 3.4.1.15 WebFormTO
- 3.4.1.16 CardCategoryTO
- 3.4.1.17 UserProfileTO
- 3.4.1.18 CardCredentialTO
- 3.4.1.19 UsernamePasswordCredentialTO
- 3.4.1.20 PinCredentialTO
- 3.4.1.21 UseAlwaysTO
- 3.4.1.22 CaptchaTO
- 3.4.1.23 OperationTO
- 3.4.2 Exceptions
- 3.4.3 Authentication
- 3.4.4 JAX-RS API
- 3.4.5 JAX-WS API
- 3.4.6 Sequences
- 4 Phase 3
Top Level Diagram
The diagram formalizes the separation of presentation from core services:
Notes:
- We introduce the notion of a "Component Set" -- a set of components
- This architecture would run on Windows, Mac OS X, Linux and (with further work) potentially smart phones
- The "Selector UI" component would be either GTK, Cocoa or AIR-based, but the underlying Local I-Card Service would be common.
Phase 1
Phased approach to implementation.
First Steps
The first objective is to align the existing Components exactly with the above diagram.
- Jeesmon: Split the shared tcpserver project into multiple projects to align with above. Suggestions for new names:
- org.eclipse.higgins.hss for http://wiki.eclipse.org/Components#Higgins_Selector_Selector_.28HSS.29
- org.eclipse.higgins.hss.manager for http://wiki.eclipse.org/Components#HSS_Manager
- org.eclipse.higgins.hss.launcher for http://wiki.eclipse.org/Components#Higgins_Launcher
- org.eclipse.higgins.hbx.ie (NOT hbxie! (taken)) for http://wiki.eclipse.org/Components#Higgins_Browser_Extension_.28HBX.29
- Jeesmon: Merge the currently separate HSS connectors into .higgins.hss per the following ticket 258504
- Jeesmon: Split the AIR Selector code (org.eclipse.higgins.air) into two projects
- org.eclipse.higgins.selector.ui.air - selector UI in AIR/Flex
- org.eclipse.higgins.selector.client.air (will eventually be replaced with a common .higgins.lics Local I-Card Service in C++) - selector services in AIR/Flex
- Split GTK/Cocoa Selector component into smaller pieces. Here's the first split:
- Leave "org.eclipse.higgins.cbselector" project as-is (for Higgins 1.0 use)
- Copy just the GTK-based user interface portion of .cbselector (shown in a box here) into a new project .higgins.selector.ui.gtk as the first alternative implementation project within the new Selector UI component shown above.
- Copy the rest of the .cbselector project into a new .higgins.lics (Local I-Card Service) component
- Change GTK-based Selector to use standard Higgins HBX
Phase 2
Local I-Card Service
The client side of phase 2 involves creating the .higgins.lics project by copying the "Identity Selector Service" from .cbselector and replacing its i-card store with an i-card cache.
Overview:
I-Card Cache (Component Set)
One possible way to implement the I-Card Cache:
Server Modifications
A new I-Card Sync Web App component, exposing a RESTful binding, would be layered over an enhanced I-Card Service.
Card Sync Protocol
Our latest thinking is to create a new RESTful binding over the I-Card Service using JAX-RS. We have to decide on an implementation of JAX-RS. Perhaps Jersey?
Transfer objects
BaseTO
public class BaseTO
extends java.lang.Object
implements java.io.Serializable
Base transfer object. All resources should extend it.
private java.lang.String id Represents unique resource server identifier.
private RevisionTO revision Represents revision information.
RevisionTO
public class RevisionTO
extends java.lang.Object
implements java.io.Serializable
Resource revision transfer object.
private java.util.Date modifiedTime Represents last modified date.
private java.lang.Long number Represents revision number.
CardTO
public class CardTO extends BaseTO implements java.io.Serializable
Card transfer object.
private java.lang.String cardId Represents card identifier.
private ClaimTO[] claims Card claims.
private java.util.Date expiredTime Card expiry date.
private CardExtensionTO[] extensions Card extensions.
private byte[] hashSalt Card hash salt.
private byte[] image Card image.
private java.lang.String imageType Card image mime type.
private java.util.Date issuedTime Issued (created) time.
private java.lang.String issuer Card issuer name.
private byte[] issuerID Card issuer identifier.
private java.lang.String issuerName Human friendly card issuer name.
private java.util.Date lastUpdatedTime Last card updated date.
private byte[] masterKey Card master key.
private java.lang.String name Human friendly card name.
private java.lang.Boolean selfIssued Is card self issued.
private ClaimTypeTO[] supportedClaimTypes Represents array of all possible types of claim that are supported.
private java.lang.String[] supportedTokenTypes Represents arrays of token types which can be provided for this card.
private java.lang.String version Card version.
MCardTO
public class MCardTO
extends CardTO
implements java.io.Serializable
Managed card transfer object.
private java.lang.String ic07IssuerInformation Represents /ic07:IssuerInformation extension element
private java.lang.Boolean requireAppliesTo Represents requireAppliesTo card element.
private java.lang.Boolean strongRecipientIdentityRequired Represents the /ic07:RequireStrongRecipientIdentity extension element. If true, the Selector MUST only allow the card to be used at a Relying Party that presents a cryptographically protected identity (an X.509v3 certificate).
private StsPrivacyPolicyTO stsPrivacyPolicyTO STS/IdP privacy policy
private TokenServiceTO[] tokenServices Represents array of security token services.
PCardTO
public class PCardTO
extends CardTO
implements java.io.Serializable
Personal card transfer object.
private byte[] pinDigest Contains the base64 encoded bytes of the SHA1 hash of the pin code
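The pinDigest field is described as a plain SHA-1 of the PIN. A numeric PIN has at most 10^n possible values, so anyone who obtains the digest (from the server store, a sync payload, or the local cache) recovers the PIN by exhaustive search in milliseconds. The digest can therefore only gate the local UI; it does not protect the card data, which still needs transport security and server-side access control in the sync protocol. The following added example (not Higgins code; the method names and the sample PIN 4711 are this example's own) computes and checks such a digest with a constant-time comparison, then shows the exhaustive recovery:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

/** Added example, not Higgins code: producing, checking and recovering a PCardTO-style pinDigest. */
public class PinDigestExample {

    /** SHA-1 over the PIN's UTF-8 bytes, as the pinDigest field is described. */
    static byte[] pinDigest(String pin) {
        try {
            return MessageDigest.getInstance("SHA-1").digest(pin.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);   // SHA-1 is mandatory in every Java runtime
        }
    }

    /** Base64 form, for carrying the digest in an XML or JSON sync payload. */
    static String encode(byte[] digest) {
        return Base64.getEncoder().encodeToString(digest);
    }

    /** Constant-time check: MessageDigest.isEqual does not stop at the first differing byte. */
    static boolean verify(String candidatePin, byte[] storedDigest) {
        return MessageDigest.isEqual(pinDigest(candidatePin), storedDigest);
    }

    /** Offline recovery of a numeric PIN from its unsalted digest: the whole keyspace is tiny. */
    static String recoverNumericPin(byte[] storedDigest, int digits) {
        int limit = (int) Math.pow(10, digits);
        String fmt = "%0" + digits + "d";
        for (int i = 0; i < limit; i++) {
            String guess = String.format(fmt, i);
            if (MessageDigest.isEqual(pinDigest(guess), storedDigest)) return guess;
        }
        return null;
    }

    public static void main(String[] args) {
        byte[] digest = pinDigest("4711");   // constructed sample PIN for the demonstration
        System.out.println("pinDigest (base64): " + encode(digest));
        System.out.println("verify 4711: " + verify("4711", digest));
        System.out.println("verify 0000: " + verify("0000", digest));

        long start = System.nanoTime();
        String recovered = recoverNumericPin(digest, 4);
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.println("recovered " + recovered + " from the digest alone in " + ms + " ms");
    }
}
```

A salted and iterated digest (the card already carries a hashSalt, though the page does not say whether pinDigest uses it) raises the per-guess cost but cannot enlarge a four-digit keyspace; a retry limit where the PIN is checked matters more than the hash construction.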
ClaimTO
public class ClaimTO
extends java.lang.Object
implements java.io.Serializable
Card claim transfer object.
private ClaimTO[] claims Contains sub-claims if claim is complex claim.
private ClaimTypeTO claimType Represents claim type
private ClaimUiDescriptor claimUiDescriptor Represents meta information for building user friendly claim editor.
private java.lang.String[] values Represents claim values.
ClaimUiDescriptor
public class ClaimUiDescriptor
extends java.lang.Object
implements java.io.Serializable
Claim user interface descriptor transfer object. Has meta information for building user friendly claim editor.
private java.lang.String inputMask Might contain an input mask for formatting the claim value on the client side.
private java.lang.String[] optionalValues Contains the selectable values when type is 4 (TYPE_COMBOBOX).
private java.lang.String pattern Might contain a regular expression for validating user input on the client side. Validation driven by this pattern is a usability aid only; the I-Card Service must validate the value again when it is persisted.
private java.lang.String type Defines claim editor type.
- TextField GUI component type TYPE_TEXTFILED = 0;
- TextArea GUI component type TYPE_TEXTAREA = 1;
- FileChooser GUI component type TYPE_FILE = 2;
- CheckField GUI component type TYPE_CHECKBOX = 3;
- ComboBox GUI component type TYPE_COMBOBOX = 4;
- Date(time) GUI component type TYPE_DATETIME = 5.
ClaimTypeTO
public class ClaimTypeTO
extends java.lang.Object
implements java.io.Serializable
ClaimType transfer object.
private java.lang.String description Represents description.
private java.lang.String displayName Represents the human friendly name.
private java.lang.Boolean isSimple Determines whether corresponding IClaim is simple or complex.
private java.lang.String type Represents type URI.
CardExtensionTO
public class CardExtensionTO
extends java.lang.Object
implements java.io.Serializable
CardExtension transfer object.
private java.lang.Boolean enabled Is extension enabled.
private java.lang.String extensionXmlElement Represents extension element data.
StsPrivacyPolicyTO
public class StsPrivacyPolicyTO
extends java.lang.Object
implements java.io.Serializable
STS/IdP privacy policy transfer object.
private java.lang.String url STS/IdP privacy policy url.
private java.lang.String version STS/IdP privacy policy version.
TokenServiceTO
public class TokenServiceTO
extends java.lang.Object
implements java.io.Serializable
Token service transfer object.
private EndpointReferenceTO endpointReference Represents Token Service endpoint.
private CredentialDescriptorTO userCredential Represents Token Service credential.
CredentialDescriptorTO
public class CredentialDescriptorTO
extends java.lang.Object
implements java.io.Serializable
Token service credential descriptor transfer object.
private java.lang.String credentialXmlElement Represents the credential XML element.
private java.lang.String displayCredentialHint Represents the user friendly credential hint.
private java.lang.String type Represents the credential type.
- SelfIssuedCredential;
- X509V3Credential
- KerberosV5Credential
- UsernamePasswordCredential
EndpointReferenceTO
public class EndpointReferenceTO
extends java.lang.Object
implements java.io.Serializable
Token service Endpoint reference transfer object.
private java.net.URI address Represents address.
private java.lang.String identityXml Represents Identity element of TokenService.
private java.net.URI metadataAddress Represents Metadata Address URI if Metadata contains it.
private java.lang.String metadataXml Represents Metadata element of TokenService.
CardHistoryTO
public class CardHistoryTO
extends BaseTO
implements java.io.Serializable
Card history transfer object.
private java.util.Date date Represents date time of card usage.
private WebFormTO form Represents html web form elements.
WebFormTO
public class WebFormTO
extends java.lang.Object
implements java.io.Serializable
Web form transfer object.
private java.lang.String formAction Represents html form action element.
private java.lang.String formId Represents html form id element.
private java.lang.String formName Represents html form name element.
private java.net.URI url Represents web page URL.
CardCategoryTO
public class CardCategoryTO
extends BaseTO
implements java.io.Serializable
Card category transfer object.
private java.lang.String[] cuids Represents associated card id array.
private int idx Represents category index.
private java.lang.String name Represents category name.
private java.lang.String parentId Represents parent category identifier.
private java.lang.String type Represents category type.
UserProfileTO
public class UserProfileTO
extends BaseTO
implements java.io.Serializable
User profile transfer object.
private java.util.Date createdTime Represents user account created date.
private java.lang.String email Represents user email address.
private java.lang.String firstName Represents user first name.
private java.lang.String lastName Represents user last name.
private java.lang.String loginName Represents user login name.
private java.lang.String mobile Represents user mobile number.
private java.util.Date modifiedTime Represents last updated date.
CardCredentialTO
public class CardCredentialTO
extends BaseTO
implements java.io.Serializable
Card credential transfer object.
private java.lang.String credentialType Represents the credential type.
UsernamePasswordCredentialTO
public class UsernamePasswordCredentialTO
extends CardCredentialTO
implements java.io.Serializable
UsernamePasswordCredential transfer object. It is needed to support auto-login.
private java.net.URI tsAddress Represents the STS/IdP address.
private java.net.URI tsMetadataAddress Represents the STS/IdP metadata address.
private java.lang.String username Represents username.
PinCredentialTO
public class PinCredentialTO
extends CardCredentialTO
implements java.io.Serializable
PinCredential transfer object.
private byte[] pinCode Represents the PIN code.
UseAlwaysTO
public class UseAlwaysTO
extends BaseTO
implements java.io.Serializable
UseAlways transfer object. It is needed to support auto-login.
private WebFormTO form Represents html web form elements.
CaptchaTO
public class CaptchaTO
extends BaseTO
implements java.io.Serializable
Captcha transfer object. It is needed for the password-reset workflow.
private byte[] image Captcha image.
OperationTO
public class OperationTO
extends java.lang.Object
implements java.io.Serializable
Log operation transfer object.
private java.lang.String name Represents operation/command name. It will be one of the following constants:
- Persist
- Delete
- DeleteAll
private BaseTO resource Represents resource. It might be null for "Delete".
private java.lang.String resourceId Represents server resource identifier. It might be null for "DeleteAll".
private java.lang.String resourceType Represents resource type.
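The transfer objects above, the Card Sync Protocol and the "Synchronize card" sequence are illustrated by the following added example; it is not Higgins code. It models the server's operation log and the Local I-Card Service cache on two clients, replays Persist, Delete and DeleteAll with the null conventions just described, and uses RevisionTO.number to refuse a client whose change is based on a stale revision, which is what keeps multiple simultaneous clients from overwriting each other. The seq field on the log entry, the wire() copy helper and the persist/pull method names are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example, not Higgins code: one round of the card sync protocol with two clients. */
public class CardSyncExample {

    // Stand-ins for the transfer objects described above, reduced to the fields sync needs.
    static class RevisionTO implements Serializable {
        Long number; Date modifiedTime;
        RevisionTO(long number) { this.number = number; this.modifiedTime = new Date(); }
    }
    static class BaseTO implements Serializable { String id; RevisionTO revision; }
    static class CardTO extends BaseTO {
        String cardId, name;
        CardTO(String cardId, String name) { this.cardId = cardId; this.name = name; }
    }
    /** Log entry: Persist carries the resource, Delete only resourceId, DeleteAll only resourceType. */
    static class OperationTO implements Serializable {
        String name; BaseTO resource; String resourceId; String resourceType;
        long seq;   // assumption of this example: position in the server log, used as the client's cursor
    }
    static class StaleRevisionException extends Exception {
        StaleRevisionException(String msg) { super(msg); }
    }

    /** Simulates the wire with a serialized copy, so client and server never share object graphs. */
    static <T extends Serializable> T wire(T obj) {
        try {
            ByteArrayOutputStream bytes = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(obj); }
            @SuppressWarnings("unchecked")
            T copy = (T) new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray())).readObject();
            return copy;
        } catch (IOException | ClassNotFoundException e) { throw new IllegalStateException(e); }
    }

    /** Server side: the enhanced I-Card Service keeping a store plus an operation log. */
    static class SyncServer {
        private final Map<String, BaseTO> store = new LinkedHashMap<>();
        private final List<OperationTO> log = new ArrayList<>();
        private long nextId = 1;

        /** For an existing resource the client's base revision must equal the server's (optimistic locking). */
        synchronized BaseTO persist(BaseTO incoming, Long baseRevision) throws StaleRevisionException {
            BaseTO res = wire(incoming);
            if (res.id == null) {
                res.id = "res-" + (nextId++);
                res.revision = new RevisionTO(1);
            } else {
                BaseTO current = store.get(res.id);
                if (current == null) throw new StaleRevisionException("unknown resource " + res.id);
                long serverRev = current.revision.number;
                if (baseRevision == null || baseRevision != serverRev) {
                    // Refusing here prevents a lost update: a client that synced revision 1
                    // must not silently overwrite the change that produced revision 2.
                    throw new StaleRevisionException(res.id + " is at revision " + serverRev
                            + ", client change was based on " + baseRevision);
                }
                res.revision = new RevisionTO(serverRev + 1);
            }
            store.put(res.id, res);
            append("Persist", res, res.id, res.getClass().getSimpleName());
            return wire(res);
        }
        synchronized void delete(String id) {
            BaseTO removed = store.remove(id);
            if (removed != null) append("Delete", null, id, removed.getClass().getSimpleName());
        }
        /** Everything the client has not replayed yet. */
        synchronized List<OperationTO> pull(long sinceSeq) {
            List<OperationTO> out = new ArrayList<>();
            for (OperationTO op : log) if (op.seq > sinceSeq) out.add(wire(op));
            return out;
        }
        private void append(String name, BaseTO res, String id, String type) {
            OperationTO op = new OperationTO();
            op.name = name; op.resource = res; op.resourceId = id; op.resourceType = type;
            op.seq = log.size() + 1;
            log.add(op);
        }
    }

    /** Client side: the Local I-Card Service cache that replays the log and remembers its cursor. */
    static class LocalCache {
        final Map<String, BaseTO> cards = new LinkedHashMap<>();
        long cursor = 0;

        void apply(List<OperationTO> ops) {
            for (OperationTO op : ops) {
                switch (op.name) {
                    case "Persist":
                        if (op.resource == null) throw new IllegalArgumentException("Persist without resource");
                        cards.put(op.resource.id, op.resource); break;
                    case "Delete":
                        if (op.resourceId == null) throw new IllegalArgumentException("Delete without resourceId");
                        cards.remove(op.resourceId); break;
                    case "DeleteAll":
                        if (op.resourceType == null) throw new IllegalArgumentException("DeleteAll without type");
                        cards.values().removeIf(r -> r.getClass().getSimpleName().equals(op.resourceType)); break;
                    default: throw new IllegalArgumentException("unknown operation " + op.name);
                }
                cursor = op.seq;
            }
        }
    }

    public static void main(String[] args) throws StaleRevisionException {
        SyncServer server = new SyncServer();
        LocalCache laptop = new LocalCache(), phone = new LocalCache();

        // The laptop creates a card; both clients sync it at revision 1.
        CardTO card = (CardTO) server.persist(new CardTO("card-1", "Work card"), null);
        laptop.apply(server.pull(laptop.cursor));
        phone.apply(server.pull(phone.cursor));

        // The phone renames it based on revision 1: accepted, the card is now at revision 2.
        CardTO onPhone = (CardTO) phone.cards.get(card.id);
        onPhone.name = "Work card (renamed on phone)";
        server.persist(onPhone, onPhone.revision.number);

        // The laptop edits its stale copy (still revision 1): refused, so it pulls before retrying.
        CardTO onLaptop = (CardTO) laptop.cards.get(card.id);
        onLaptop.name = "Work card (renamed on laptop)";
        try {
            server.persist(onLaptop, onLaptop.revision.number);
        } catch (StaleRevisionException e) {
            System.out.println("rejected: " + e.getMessage());
            laptop.apply(server.pull(laptop.cursor));
        }
        System.out.println("laptop cache now holds: " + ((CardTO) laptop.cards.get(card.id)).name);
    }
}
```

Compile and run with javac CardSyncExample.java && java CardSyncExample: the laptop's rename is refused with the server's current revision, after which the laptop replays the phone's change. In the JAX-RS binding the same refusal would naturally be an HTTP 412 Precondition Failed, with RevisionTO.number carried as the ETag that the client sends back in If-Match.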
Exceptions
To be written.
Authentication
JAX-RS API
In progress.
Resources
In progress.
MCard
PCard
CardHistory
CardCategory
CardCredential
UseAlways
UserProfile
WADL
Serializable formats
XML(application/xml)
JSON(application/json)
Google protobuf (application/x-protobuf)
http://code.google.com/p/protobuf/
X3 (application/x3)
JAX-WS API
To be written.
WSDL
Serializable formats
SOAP (application/soap+xml)
Sequences
Synchronize card
Synchronize card history
Synchronize card category
Synchronize user profile
Phase 3
This phase is about adapting the AIR Selector to the new architecture.