Jerry Waldorf's Blog
OpenPTK, Identity Manager, and Keychain (the Open Source SPMLv2 Gateway)
OpenPTK, Sun's Identity Manager, and Keychain the SPMLv2 Gateway are all non overlapping components that can work together to help build a standards based Identity Provisioning Solution. The OpenPTK is made up of libraries and example code that shows how to invoke an Identity Management System using SPML. The SPML Gateway helps integrate any SPML compliant Identity Management solution to legacy applications. So these two open source projects (OpenPTK and SPML Gateway) are compatible and complementary to each other. And help Sun's Identity Management product fit in with the open protocol of SPML.
Posted at 11:24AM Aug 07, 2008 by Jerry Waldorf in Sun | Comments[5]
Jerry,
I love the way open source SPML components are developing, and this diagram is a nice simple breakdown.
Is there any reason why you couldn't eliminate the SIM component and use OpenPTK straight on top of keychain?
Posted by bluesheep on August 21, 2008 at 04:34 AM PDT #
It is possible to use OpenPTK to provision users directly to an application through the Keychain Gateway. Because OpenPTK can communicate using SPMLv2 over HTTP to the Keychain Gateway which supports this same protocol. Ahh, the benefits of Web Services and standard protocols!
The benefit of using an Identity Provisioning Engine in the middle like Sun's Identity Manager is that it can handle a large number of Targets with complex rules and workflows. It can handle adding the user to the correct systems based on complex rules and workflow approval processes. This allows the OpenPTK to focus on a simple interface to the administrator or user that allows her to add a user. And leave it up to the Identity Manager to determine which systems that user should be added to and with what roles she should have. And finally the Keychain Gateway can deal with integrating to the legacy applications so that the Identity Manager can focus on rules and workflows not integration.
Dividing up the task into three parts (OpenPTK, Identity Manager, and Keychain) allows each to do what it is best at.
Posted by Jerry Waldorf on August 22, 2008 at 01:04 PM PDT #
Just wonder what is the role of Keychain SPML gateway if Sun IDM can talk natively to the backend application though it is not SPML-enabled? Should I develop native IDM resource adapter instead?
Posted by Ken on February 03, 2009 at 10:47 PM PST #
cheap Archlord gold
Posted by cheap Archlord gold on February 26, 2009 at 12:48 AM PST #
Tibia Platinum
Posted by Tibia Platinum on March 13, 2009 at 07:35 PM PDT #