Security provisioning through the ESB
By William Wilkins on Sep 14, 2008
Project OpenESB is a community that is intended to derive multiple solutions and components all sharing a single platform based on JBI. Another example of this is a solution in a sub-project called keychain. Keychain is an early stage project that attempts to solve the problem of how to provision identities against legacy applications. Essentially it provides a gateway, built on top of the ESB platform, that exposes an "SPML compliant" provisioning interface which can be accessed by any SPML compliant application or just send an SPML document across HTTP/SOAP.
The gateway will then route this request, suitably transformed, to the legacy application to execute the particular provisioning (create, update, delete of user information) request. Again, this is an early stage project that is driving the creation of new ESB adaptors and will later drive the evolution of the platform into an "appliance-like" package. So far, to show the breadth of the potential application of KeyChain, there are early examples of provisioning to RACF, Salesforce.com, and LDAP.