Scott Battaglia, Developer
OpenRegistry is an open source Identity Management System (IDMS). OpenRegistry attempts to solve the problem of aggregating, collecting, analyzing and rationalizing all of the information about "you" at your organization. Typically, an institution collects information about a person from multiple sources (e.g. HR, Student, Alumni, Conference, etc.). Each system is unaware, or only minimally aware, of the others, but they often contain information about the same person. OpenRegistry reconciles these multiple sources into a single identity and allows downstream services to use this identity.
In its first iteration, OpenRegistry will provide multiple means for providing data (e.g. REST, Web UI, and Batch) as well as for outputting it (e.g. writing to LDAP). The software is database agnostic, and should support any database that Hibernate supports.
Java, Spring, JaValid, Hibernate/JPA, Spring Security
Please indicate which of the following identity services you consume, produce, or broker/convey.
Managed Information | Consume? | Produce? | Broker/Convey? |
---|---|---|---|
Privileges | X | ? | |
Roles | X | X | |
Groups | X | X | |
Attributes | X | X | |
Identification | X | X | |
Defined Interfaces | Consume? | Produce? | Broker/Convey? |
Authentication | | | |
Attributes | | X | |
Permissions | | X | |
Provisioning | | X | |
Authorization | | X | |
Subjects | | X | |
Other | Consume? | Produce? | Broker/Convey? |
In its first iteration, OpenRegistry will provide an API such that plugins can be written to output data to multiple sources (e.g. an LDAP server). It will not respond to queries for information directly. Relevant standards (SPML, etc.) will be supported as appropriate.
Many of the challenges involve the input, manipulation, and output of the data. Some sources may not have the information in the necessary format, or may not be able to generate the required information. The system will need a way to deal with sources that cannot provide the information (e.g. some systems may not be able to tell us when a role ends; the person might just drop off the batch feed, and OpenRegistry (OR) needs to be able to determine that this means someone's role expired).
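The role-expiry inference described above, sketched as an added example; it is not OpenRegistry code. The `FeedReconciler` class, the grace period, and the drop-ratio guard that rejects a feed that looks truncated are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class FeedReconciler:
    """Infers role end dates from people dropping off successive batch feeds."""
    grace_feeds: int = 2         # assumed policy: consecutive absences before expiry
    max_drop_ratio: float = 0.5  # assumed guard: larger drops are treated as a bad feed
    active: dict = field(default_factory=dict)   # (person_id, role) -> date first missed or None
    misses: dict = field(default_factory=dict)   # (person_id, role) -> consecutive absences
    expired: dict = field(default_factory=dict)  # (person_id, role) -> inferred end date

    def apply(self, feed_date, records):
        """Apply one feed snapshot; return the roles newly inferred as expired."""
        seen = set(records)
        missing = set(self.active) - seen
        # Check before mutating state, so a rejected feed changes nothing.
        if self.active and len(missing) / len(self.active) > self.max_drop_ratio:
            raise ValueError(
                f"feed {feed_date} drops {len(missing)} of {len(self.active)} "
                "active roles; refusing to infer expirations")
        for key in seen:
            self.active[key] = None        # present again: clear any pending absence
            self.misses[key] = 0
            self.expired.pop(key, None)    # a role that reappears is reinstated
        newly_expired = []
        for key in missing:
            # Remember the first feed the role was absent from; that is the end date.
            self.active[key] = self.active[key] or feed_date
            self.misses[key] += 1
            if self.misses[key] >= self.grace_feeds:
                self.expired[key] = self.active.pop(key)
                del self.misses[key]
                newly_expired.append(key)
        return sorted(newly_expired)


if __name__ == "__main__":
    # Constructed sample feeds: p3 drops off after the first week.
    a, b, c = ("p1", "staff"), ("p2", "staff"), ("p3", "student")
    r = FeedReconciler()
    for day, feed in [(1, [a, b, c]), (8, [a, b]), (15, [a, b])]:
        print(date(2024, 1, day), r.apply(date(2024, 1, day), feed))
    print(r.expired)
```

The guard matters for downstream provisioning: without it, an empty or partial batch file would be indistinguishable from every role ending at once.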