Really simple, and in need of much securing, identity service. The idea is to keep it as close to, 'pass in a username and password', and get a principal back.
In its current state, or what will be, Identity is meant to be used within a trusted network by trusted users. Identity and whatever family of services it's a part of would be consumed by other trusted services, who's responsibility it would be to keep the "bad" out.
This is just a first pass and things are up for debate:
get / -> basic info about the server, that a consumer should know
get /catalogues -> list of catalogues, which are groups of realms
get /catalogues/:catalogue -> catalogue info
get /catalogues/:catalogue/realms -> list of realms for this catalogue
get /catalogues/:catalogue/realms/:realm -> realm info
get /catalogues/:catalogue/realms/:realm/principals -> list of identity
get /catalogues/:catalogue/realms/:realm/principals/:name -> identity info
Of course, there are some sane POST/PUT/DELETEs that need to be thrown in, and these need to be converted into tests, executable documentation FTW!
{
"name":"catalogue.name",
"metadata": {
}
}
{
"name":"my.realm",
"catalogue":{
"catalogue":"some.catalogue",
"metadata": {
}
}
}
{
"principal":"my name",
"token":"a SHA-1 of the other values",
"realm": {
"name":"my.realm",
"catalogue":{
"catalogue":"some.catalogue",
"metadata": {
}
}
}
"metadata": {
}
}
{
//hash of metadata, use dot notation to namespace and not overwrite things. At the very least 'service.key'
}
- As indicated in the example above, we can have '.' in the realm and catalogue names, the question is whether to treate these in some special way and further namespace on them?
- Moar Tests!
- Associate arbitrary meta-data with each data structure
- Use [ScalaCheck][http://code.google.com/p/scalacheck/] because it looks super neat
- Support for optionally signed requests, via a shared key (tampering)
- Trusted requesters (chain of trust vs masturbation)
- HTTPS by default, with support for off-loading
- Lockout those hammering the service with continual failures (might be easier to configure on the web server with anti-DoS)
- Support for more backends (rather than the file backed stuff, front other systems like LDAP, etc...)
- Install [SBT][http://code.google.com/p/simple-build-tool/downloads/list] verison 0.7.5
$> cd /home/you/where/you/put/the/source- cd to the root of the source directory$> sbt- Starts simple build tool console$> update</code - Pull down all the dependencies$> jetty- Run- Go to [http://localhost:8080] and you should see a basic page
$> sbt - Starts simple build tool console$> test - Execute all tests
Identity is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Identity is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with Identity. If not, see http://www.gnu.org/licenses/.
If you're ever working on an git+SBT project, such as this, use the following SBT processor: [https://github.com/paulp/git-sbt-processor]. It's not without its warts, as you can't commit through the SBT shell just yet, hopefully I'll get around to patching that.