News

The content has been bookmarked!

There was an error bookmarking this content! Please retry.

Ron Monzillo on Java Identity API and JSR 351

Posted by Srini Penchikala on Oct 15, 2011

Sections: Architecture & Design,; Development
Topics: JavaOne2011 ,; Java One ,; Java ,; Identity Management ,; Languages ,; Security ,; Programming

The Java Identity API provides a Java framework for representing and interacting with identity attributes in the applications. Ron Monzillo, specification lead for JSR 351, the spec for this API, spoke at the JavaOne 2011 Conference last week. He discussed the JSR proposal scope, its current state and future plans for the specification.

Ron talked about the current state of identity in enterprise Java applications. The lack of adequate interfaces in the Java platform is forcing application developers to rely on non-standard interfaces which is resulting in inconsistent, poorly integrated and inferior support for network identity.

JSR 351 will provide a uniform, domain model independent, Java framework for representing and interacting with identity attributes. It has three main goals as follows:

Standardize Representation of Identity in Java: This includes standardizing the attribute interfaces where attributes are named, multi-valued and meta-data qualified. The standards will include meta-data like the issuer, time-of-issue, validity period, and usage-constraints. The model will represent identity in a form that is compatible with its use within the interfaces of the Java Security Model and the identity can be propagated between Java systems for interoperability requirements.
Promote Attribute Service: This is the local point of reference for applications and encapsulates the diverse repository protocols and locations. This is the-authoritative representation of source, validity, and related meta-data. It will provide the authorization and auditing of application use of identity attributes in support of compliance with identity governance model.
Standardize a Declarative Programming Style: This includes a client-side Java framework for consumption, generation, propagation, and governance of identity attributes. It's based on Dependency Injection principles and takes care of the virtualization of source. AccessControlContext represents the actors involved in the use case.

The scope doesn't include the standardization of a fixed set of identity attributes (i.e., a specific domain model) that Java developers should use. This should be the responsibility of specific communities or application architects.

The interface architecture includes three layers:

Layer 1: Representation and JRE Integration
Layer 2: Services
Layer 3: Application Development

The specification is targeted for compatibility with Java SE and Java EE platforms beginning with version 6.0. It has completed the approval ballot. The next steps are to form an expert group and develop a Reference Implementation (RI) for the specification. The Reference Implementation will be developed as an open source project within java.net, under Apache License, version 2.0.

The proposed timeline for JSR 351 specification includes an early draft targeted for March 2012, public review by July 2012 and the final release to be out by early 2013. For More Information about the JSR, readers can check out the specification and the TCK or volunteer for the Expert Group.

Srini Penchikala currently works as Security Architect and has 17 yrs of experience in software product management.