An Overview of Project OpenPTK
By Scott Fehrman on Mar 20, 2008
OpenPTK is an open source project that provides a collection of tools and sample applications that Web and Java developers can use to integrate custom applications with user provisioning systems. Using industry standard interfaces, developers can build flexible user management applications that support Enterprise-class, department/group level and Web 2.0 type user provisioning environments.
Most intranet and Internet applications require user authentication. Applications either have an integrated data store (e.g. an RDBMS) or leverage a network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:
- An enterprise typically implements a provisioning solution such as Sun's Identity Manager to manage user data across multiple applications and services.
- Departments (or groups) may only have a single application with a dedicated user data store. The volume of user management activities is usually small.
- Web 2.0, Internet-facing applications typically leverage a scalable, highly available network service for storing user information.
Organizations need to implement a set of basic user management capabilities. For end users, a solution needs to provide "Forgotten Password" and "Self Service" functionality. For user administration, a solution needs to provide the fundamental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to integrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:
- Remote Web Interface: Organizations need a Web interface for user provisioning that can be deployed remotely from the system that hosts the provisioning solution.
- Command Line Interface: Administrators need an interface that allows them to perform provisioning from a command line, either interactively or from a shell script.
- Portal / Portlet Interface: Enterprise and departmental organizations may have to provide user provisioning interfaces within an existing Portal infrastructure.
- WSDL-based Web Service: Developers need to integrate user provisioning into a SOA environment and require Web Services that can be used by SOA development tools.
Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an organization's interface experience with the various user data stores. Developers will most likely have to learn the details of interacting with each of those user data stores, and Web developers may not be prepared to deal with the Java APIs that are needed to access them.
Project OpenPTK is a three-tier architecture that enables developers to focus on the business application interface, not on the underlying user data store. There are a number of "Consumer Tier" interfaces which address various development options. The "back-end" user data store is abstracted through the "Service Tier". The "Framework Tier" integrates the Consumer and Service tiers while also managing configurations, logging/debugging and provisioning operations.
Project OpenPTK Architecture
Consumer Tier interfaces/examples:
- User Management Lite (UML): A JSP/Taglib-based web application which provides basic user administration and self-service functions.
- Command Line Interface (CLI): Provides basic provisioning operations. The CLI can be part of custom scripts that administrators use to automate provisioning tasks.
- JSR-168 Portlets: Provide "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customer's existing JSR-168 compliant Portal server.
- WSDL-based Web Service: Provides user provisioning operations. Web Service clients (e.g. Java CAPS and soapUI) can reference the WSDL from this service and create custom integration solutions.
Service Tier implementations:
- SPML: The Service Provisioning Markup Language is the external interface used by Sun's Identity Manager user provisioning solution.
- SPE: Sun's Identity Manager user provisioning solution contains a Service Provider Edition interface for user provisioning.
- JNDI: The Java Naming and Directory Interface API is used to access LDAP-based (e.g. OpenDS) user data stores.
- JDBC: The Java Database Connectivity API is used to access relational database user data stores (e.g. MySQL).
Developers can use Project OpenPTK's interfaces and APIs to handle user provisioning operations without having to worry about the back-end user data stores. User provisioning applications that leverage Project OpenPTK can easily support multiple different user data stores through the use of its flexible configuration mechanism.
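The three-tier pattern described above, reduced to a runnable sketch. This is an added example, not OpenPTK's own code: two in-memory Service-tier stand-ins for the JDBC and JNDI services, a Framework tier that selects one from a configuration key and applies the same password handling to both, and a consumer-side sequence of Create, Read, Update, Delete and Password operations. The configuration keys ("jdbc", "jndi"), class names and the salted-hash password storage format are assumptions made for the illustration.

```python
# Added illustration of the post's three-tier pattern (not OpenPTK code); the Framework tier picks a Service backend from configuration.
import hashlib, hmac, os, sqlite3

class RdbmsService:                 # in-memory stand-in for the JDBC (RDBMS) service
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(uid TEXT PRIMARY KEY, email TEXT, pwd TEXT)")
    def create(self, uid, attrs): self.db.execute("INSERT INTO users(uid, email) VALUES (?, ?)", (uid, attrs.get("email")))
    def read(self, uid):
        row = self.db.execute("SELECT uid, email, pwd FROM users WHERE uid = ?", (uid,)).fetchone()
        return None if row is None else dict(zip(("uid", "email", "pwd"), row))
    def update(self, uid, attrs): self.db.execute("UPDATE users SET email = ? WHERE uid = ?", (attrs["email"], uid))
    def delete(self, uid): self.db.execute("DELETE FROM users WHERE uid = ?", (uid,))
    def set_password(self, uid, stored): self.db.execute("UPDATE users SET pwd = ? WHERE uid = ?", (stored, uid))

class DirectoryService:             # in-memory stand-in for the JNDI (LDAP) service
    def __init__(self): self.entries = {}
    def create(self, uid, attrs): self.entries[uid] = dict(attrs, uid=uid, pwd=None)
    def read(self, uid): return dict(self.entries[uid]) if uid in self.entries else None
    def update(self, uid, attrs): self.entries[uid].update(attrs)
    def delete(self, uid): self.entries.pop(uid, None)
    def set_password(self, uid, stored): self.entries[uid]["pwd"] = stored

SERVICES = {"jdbc": RdbmsService, "jndi": DirectoryService}   # configuration keys are assumed
class Framework:   # Framework tier: one set of rules shared by web, CLI, portlet and web-service consumers
    def __init__(self, config): self.svc = SERVICES[config["service"]]()
    def create(self, uid, attrs): self.svc.create(uid, attrs)
    def update(self, uid, attrs): self.svc.update(uid, attrs)
    def delete(self, uid): self.svc.delete(uid)
    def read(self, uid):
        rec = self.svc.read(uid)
        return rec and {k: v for k, v in rec.items() if k != "pwd"}   # credentials never reach the consumer tier
    def set_password(self, uid, password):
        salt = os.urandom(16)           # hashed once here, identically for every backend
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.svc.set_password(uid, salt.hex() + ":" + dk.hex())
    def check_password(self, uid, password):
        stored = (self.svc.read(uid) or {}).get("pwd")
        if not stored: return False
        salt, dk = stored.split(":")
        return hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt), 100_000), bytes.fromhex(dk))
def demo(service):   # the same consumer-side sequence against whichever backend the config names
    fw = Framework({"service": service})
    fw.create("jdoe", {"email": "jdoe@example.org"})
    fw.set_password("jdoe", "s3cret")
    fw.update("jdoe", {"email": "john@example.org"})
    rec = fw.read("jdoe")
    ok = fw.check_password("jdoe", "s3cret") and not fw.check_password("jdoe", "wrong")
    fw.delete("jdoe")
    return rec, ok, fw.read("jdoe")
```

Calling demo("jdbc") and demo("jndi") runs the identical consumer sequence against each backend; the consumer code never names the store, and the password rules live in one place.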
Project OpenPTK is a formal open source project hosted on Java.net and is part of the Identity Management community. The Project OpenPTK founders, Scott Fehrman, Derrick Harcey and Terry Sigle, are Pre-Sales Systems Engineers supporting Sun's Identity Management products.
The Project OpenPTK site contains source code (via svn), documentation and distributions, and tracks issues. Anyone is welcome to join the community as an Observer; please also subscribe to the "user" and "announce" mailing lists.