A Common API & UI for Building Next Generation Identity Services

Presented by Jamie Nelson, VP of Engineering, ForgeRock and Jonathan Scudder, OpenAM Architect and ForgeRock Co-Founder at ForgeRock Open Identity Summit, June 2013


  1. Open Identity Summit: The Young and the RESTless (Jonathan Scudder, Jamie Nelson)
  2. Stack Architecture: Resource Oriented RESTful API
  3. API: How we share data and functionality with developers and businesses
       • APIs have been around ‘forever’
       • Usage and significance have changed dramatically over recent years
       • Shift towards external developers and users
       • API vs SOA
  4. Killer Argument
       • Why are we aligning our APIs?
       • Is REST a good enough argument by itself?
       • Don’t our current APIs do enough?
  5. #1 Real Stack
  6. #2 Boundary Blur
       • ~70% of enterprises building private cloud
       • ~40% of enterprises building public and hybrid cloud (Survey by IDC, September 2012)
       • Mobile, Social, Cloud, Enterprise
  7. #3 Integration Power
       • Create, Read, Update, Delete, Patch, Action, Query
       • Granular control, simple interface
       • Standard set of operations (CRUDPAQ), different inputs & outputs
       • Primarily JSON representation
       • Attractive non-functional tools and techniques with HTTP
       • ROA + REST + JSON
  8. CREST example

       /json/subrealm/users/?_action=create

       $ curl --request POST \
           --header "iplanetDirectoryPro: AQIC5w..." \
           --header "Content-Type: application/json" \
           --data '{"name": "bjensen", "userpassword": "secret12", "mail": ""}'

  9. CREST response

       {
         "name": "bjensen",
         "realm": "/",
         "uid": ["bjensen"],
         "mail": [""],
         "userpassword": ["{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="],
         "dn": ["uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org"],
         ...
  10. API strategy - local
  11. API strategy - stack
  12. Problem
       • Too many different complicated UI frameworks
       • Roots from Sun
       • Big company UI strategy churn
       • Developers learning new frameworks
       • Customers are locked in
       • Simple modifications overly complex
       • Leads to heavyweight API just for the UI
  13. Complex Frameworks
       • Years to learn
       • Takes an expert to make changes
       • No consistency between API, CLI, over the wire
       • Complexity requires an abstraction layer
       • Isolates the UI from Command Line and other APIs
       • Scripting is impossible
  14. ForgeRock User Interfaces: YUI/Click Jato JSF/Ice Faces JSP Admin Java Swing
  15. Open Identity Stack UI Model
       • Single UI model for all products
       • Built on ForgeRock REST (CREST)
       • Common UIs for: User management; Registration and Self Service; Login and Password Reset
       • Build on shared services for Authentication
  16. ForgeRock UI Model
       • jQuery (Needs a little help)
       • Backbone.js + Require.js (Modular)
       • Handlebars.js (Templating)
       • Underscore.js (Utility library)
       • Less.js (CSS preprocessor)
       • Built on ForgeRock REST and Common Services
       • Caters to the web developers of today
       • Two different models for ForgeRock UIs
  17. Admin and Configuration
       • Used primarily by Administrators
       • UI not typically customized
       • Configuration for product services
       • Dynamically rendered based on server JSON schema
       • REST APIs for custom applications
       • Adding new services dynamically rendered
       • Customers not expected to modify more than CSS
  18. End User
       • Primarily seen by end users
       • Simple HTML Templates
       • Read in by JavaScript and embedded in the UI
       • Rendered with site wide styles/CSS
       • Simple syntax for embedding dynamic values
       • Separates business logic from display
       • Simple to modify without breaking the UI
       • Easy to patch and upgrade
  19. (slide has no text content)
  20. Authentication

       POST:
       Params:
         username: tom
         password: 11111111
       Response:
         {"tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcIr2TG …"}

  21. (slide has no text content)
  22. Registration/Create

       POST:
         {"userName": "tom", "email": "", "givenName": "Tom", "familyName": "Petty",
          "securityQuestion": "1", "securityAnswer": "damn the torpedoes", …}
       Response:
         {"dn": ["uid=tom,ou=people,dc=openam,dc=forgerock,dc=org"] …}

  23. (slide has no text content)
  24. Get UserID from Session

       POST:
         "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"
       Response:
         {"id": "tom", "realm": "/", "dn": "id=tom,ou=user,dc=openam,dc=forgerock,dc=org"}

  25. Get User Profile

       GET:
         "tokenId": "AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …"
       Response:
         {"name": "tom", "realm": "/", "uid": ["tom"], "mail": [""], "sn": ["Petty"], "givenname": ["Tom"]}
  26. Extending End User Pages
  27. Extending End User Pages

       <div class="column1">
         <div class="field">
           <label class="light">{{t "common.user.postalCode"}}</label>
           <input type="text" name="city" />
           <div class="validation-message"></div>
         </div>
       </div>
       <div class="column2">
         <div class="field">
           <label class="light">{{t ""}}</label>
           <input type="text" name="postalCode" />
           <div class="validation-message"></div>
         </div>
       </div>

  28. (slide has no text content)
  29. Single Shared Model: ForgeRock Services, ForgeRock REST, ForgeRock UI, Application Scripting
  30. Q & A
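
The create response in slide 9 returns the stored `userpassword` hash, and slides 20 to 25 carry the session `tokenId` in requests and responses, so a client or proxy that logs CREST traffic has to mask those values first. The following is an added example, not code from the presentation or from ForgeRock; `redactBody`, `redactHeaders` and the sample values are hypothetical, and the field list is limited to names visible on the slides.

```javascript
// Added example (not ForgeRock code): redact secrets from CREST traffic before
// logging. Field and header names come from the slides; the function names and
// sample values are constructed for illustration.
const SENSITIVE_FIELDS = new Set(["userpassword", "password", "securityanswer", "tokenid"]);
const SENSITIVE_HEADERS = new Set(["iplanetdirectorypro"]);
const MASK = "[REDACTED]";

// Recursively copy a parsed JSON value, masking sensitive keys at any depth.
// Array-valued attributes keep their length, so the log still shows how many
// values were present.
function redactBody(value, parentSensitive = false) {
  if (Array.isArray(value)) {
    return value.map((v) => redactBody(v, parentSensitive));
  }
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      const hit = parentSensitive || SENSITIVE_FIELDS.has(key.toLowerCase());
      out[key] = redactBody(v, hit);
    }
    return out;
  }
  return parentSensitive ? MASK : value;
}

// HTTP header names are case-insensitive, so compare in lower case.
function redactHeaders(headers) {
  const out = {};
  for (const [name, v] of Object.entries(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? MASK : v;
  }
  return out;
}

// Constructed sample modelled on the create response shown in slide 9.
const sampleResponse = {
  name: "bjensen",
  realm: "/",
  uid: ["bjensen"],
  userpassword: ["{SSHA}constructed-hash-value"],
  dn: ["uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org"],
};
const sampleHeaders = {
  "iplanetDirectoryPro": "constructed-session-token",
  "Content-Type": "application/json",
};

console.log(JSON.stringify(redactBody(sampleResponse)));
console.log(JSON.stringify(redactHeaders(sampleHeaders)));
```

The original objects are not modified, so the unredacted response can still be handed to the application while only the copy goes to the log.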