Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Presented by Ludovic Poitou, OpenDJ Product Manager, ForgeRock and Matt Swift, OpenDJ Architect at ForgeRock Open Identity Stack Summit, June 2013

Page 1: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Open Identity Summit

Directories for the REST of us

Ludovic Poitou, Product Manager
Matthew Swift, Architect
ForgeRock

Page 2: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

LDAP?

- Good protocol
- Great products and services
- Main problem: Where are the developers?
- No one learns LDAP or directory services at university
- Poor and complex client development kits
- Protocol from another era: ASN.1, BER…

Page 3: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

DSMLv2?

- Heavyweight
- Too close to LDAP
- Few tools
- Incomplete

Page 4: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

So what else?

- HTTP for transport
- JSON for data representation
- Loosely coupled
- Fueling the API economy

⇒ RESTful APIs

Page 5: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Introducing REST to LDAP

- /users
- /groups
- But also any object or collection can be configured
  - /hosts
  - /networks …
- All CRUD operations:
  - Queries, with filters and returned attributes
  - Put / Post / Delete / Patch…
- Directory specific operations: Modify password…

Page 6: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

GET /users/user.0

{
  "_rev" : "000000003a46b19d",
  "schemas" : [ "urn:scim:schemas:core:1.0" ],
  "contactInformation" : {
    "telephoneNumber" : "+1 685 622 6202",
    "emailAddress" : "[email protected]"
  },
  "_id" : "user.0",
  "name" : {
    "familyName" : "Amar",
    "givenName" : "Aaccf"
  },
  "userName" : "[email protected]",
  "displayName" : "Aaccf Amar"
}
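
Added example (not part of the slides and not OpenDJ's code): how a gateway of this kind can translate a query filter into an LDAP search filter, escaping the value per RFC 4515, and shape an LDAP entry into the JSON resource shown above. The field-to-attribute mapping, the `field eq "value"` / `field sw "value"` filter syntax, the function names and the sample entry are assumptions made for the example.

```python
import re

# Assumed mapping from JSON fields to LDAP attributes (constructed for this
# example; a deployment defines its own mapping in the JSON configuration).
FIELD_TO_ATTR = {
    "_id": "uid",
    "userName": "mail",
    "displayName": "cn",
    "name/familyName": "sn",
    "name/givenName": "givenName",
    "contactInformation/telephoneNumber": "telephoneNumber",
    "contactInformation/emailAddress": "mail",
}
FILTER_RE = re.compile(r'^\s*([\w/]+)\s+(eq|sw)\s+"((?:[^"\\]|\\.)*)"\s*$')

def escape_filter_value(value):
    """Escape an assertion value for an LDAP filter string (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def to_ldap_filter(expr):
    """Translate 'field eq "v"' (equality) or 'field sw "v"' (starts with)."""
    m = FILTER_RE.match(expr)
    if not m:
        raise ValueError("unsupported filter expression")
    field, op, raw = m.groups()
    if field not in FIELD_TO_ATTR:  # allow-list: unmapped fields are rejected
        raise ValueError("unknown field: " + field)
    value = escape_filter_value(re.sub(r"\\(.)", r"\1", raw))
    return "(%s=%s%s)" % (FIELD_TO_ATTR[field], value, "*" if op == "sw" else "")

def to_resource(entry):
    """Shape a flat LDAP entry (attribute -> list of values) into nested JSON."""
    resource = {}
    for field, attr in FIELD_TO_ATTR.items():
        if attr in entry:
            *parents, leaf = field.split("/")
            node = resource
            for parent in parents:
                node = node.setdefault(parent, {})
            node[leaf] = entry[attr][0]
    return resource

# Constructed sample entry, modelled on the resource shown on the slide.
SAMPLE_ENTRY = {"uid": ["user.0"], "cn": ["Aaccf Amar"], "sn": ["Amar"],
                "givenName": ["Aaccf"], "mail": ["user.0@example.com"],
                "telephoneNumber": ["+1 685 622 6202"]}

if __name__ == "__main__":
    print(to_ldap_filter('name/familyName sw "Am"'), to_resource(SAMPLE_ENTRY))
```

Because values are escaped and field names are checked against the mapping, filter metacharacters in a request stay inside the assertion value and only mapped attributes can be searched.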

Page 7: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

2 Options

- In OpenDJ server
  - Embedded
  - Direct access to the data and services
  - More secure
- As a standalone web application
  - Gateway between HTTP and LDAP
  - Works with any LDAP server
  - Can be scaled like any other web application
  - Network latency

Page 8: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Embedded REST to LDAP

- Delivered as part of OpenDJ 2.6 by default
- Just needs to be enabled
- As well as HTTP logs (for auditing and troubleshooting)
- Configuration as a JSON file
  - LDAP based configuration is coming

Page 9: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Demo

Page 10: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

REST to LDAP vs SCIM

- OpenDJ REST to LDAP is inspired by SCIM
  - Filters
  - Queries
  - Identifiers
  - JSON representation
- SCIM is still a moving target
- SCIM is identity-centric; REST to LDAP is generic
- SCIM support will be a stripped-down, hardwired configuration of REST to LDAP

Page 11: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Take the ride to REST!

Page 12: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

Q & A
