We have implemented both Provider and Relying Party solutions.
The company's experience can be summarized in a general architecture that we call OpenPlatform.
The system front end is a load balancer (usually hardware) that distributes requests across a battery of J2EE Web containers.
Every Web container is accessed through an Apache Server 2.x used to perform URL rewriting, resource access restrictions and HTTPS support.
Web containers host both presentation and REST services.
The presentation layer is based on JSTL. We don't use specific J2EE frameworks, with the exception of IoC (Inversion of Control) support based on Google Guice.
DAOs (Data Access Objects) are written with iBATIS.
The business tier rests on the persistence and connector layers.
The persistence layer is divided into:
- Storage persistent infrastructure;
- Memory persistent infrastructure.
The storage persistent infrastructure is based on MySQL master-slave replication and is intended to hold persistent data such as User profiles, preferences logs and related data.
The memory persistent infrastructure is based on a Memcached server used to share user session data across Web containers.
Connector layers provide access to:
- Legacy SSO (Single Sign On) systems;
- Social Networks.
Access to Social Networks is done through the OpenSocial and Social Graph APIs.
The retrieved social relations are used to generate FOAF (Friend Of A Friend) profiles exposed in Identity Pages and to include user-related widgets. With the OpenSocial API, the Identity Page can work as an OpenSocial container.
All the visible attributes of the User profile are represented inside the Identity Page with specific Microformats.
The platform is highly configurable for Provider users.
In the main use case, the user authenticates to a Relying Party; this can be done by choosing among several defined profiles.
Every profile maintains different attribute data.
The user can modify the visibility of attributes shown in the Identity Page, view and modify preferences about Relying Party access, and list access log activities.