Respondent
Scott Battaglia, Developer
Goal/Problem Space
OpenRegistry is an open source Identity Management System (IDMS). OpenRegistry attempts to solve the problem of aggregating, collecting, analyzing and rationalizing all of the information about "you" at your organization. Typically, an institution collects information about a person from multiple sources (e.g. HR, Student, Alumni, Conference, etc.). Each system is unaware, or only minimally aware, of the others, but they often contain information about the same person. OpenRegistry reconciles these multiple sources into a single identity and allows downstream services to use this identity.
Features
In its first iteration, OpenRegistry will provide multiple means of supplying data (e.g. REST, Web UI, and Batch) as well as of outputting it (e.g. writing to LDAP). The software is database agnostic and should support any database that Hibernate supports.
Technology Stack
Java, Spring, JaValid, Hibernate/JPA, Spring Security
Identity Services
Please indicate which of the following identity services you consume, produce, or broker/convey.
- Consume: Your project uses the services described. For example, you use identification information to determine which person you are dealing with, and you are a client to an authentication interface to confirm the person's identity.
- Produce: Your project provides the services described. For example, you provide facilities to manage groups and can write them out to LDAP.
- Broker/Convey: Your project serves as a middleman, taking data from a producer and providing it to a consumer. For example, you verify authentication information and then generate a SAML assertion.
Managed Information | Consume? | Produce? | Broker/Convey? |
---|---|---|---|
Privileges | X | ? | |
Roles | X | X | |
Groups | X | X | |
Attributes | X | X | |
Identification | X | X | |
Defined Interfaces | Consume? | Produce? | Broker/Convey? |
Authentication | | | |
Attributes | | X | |
Permissions | | X | |
Provisioning | | X | |
Authorization | | X | |
Subjects | | X | |
Other | Consume? | Produce? | Broker/Convey? |
Standards and Interfaces
In its first iteration, OpenRegistry will provide an API such that plugins can be written to output data to multiple destinations (e.g. an LDAP server). It will not respond to queries for information directly. Relevant standards (SPML, etc.) will be supported as appropriate.
Issues and Challenges
Many of the challenges involve the input, manipulation, and output of the data. Some sources may not have the information in the necessary format, or may not be able to generate the required information at all. The system will need a way to deal with sources that cannot provide the information. For example, some systems may not be able to tell us when a role ends: the person might just drop off the batch feed, and OpenRegistry (OR) needs to be able to determine that this means the person's role has expired.