BT

New Early adopter or innovator? InfoQ has been working on some new features for you. Learn more

Ron Monzillo on Java Identity API and JSR 351

| by Srini Penchikala Follow 6 Followers on Oct 15, 2011. Estimated reading time: 2 minutes |

The Java Identity API provides a Java framework for representing and interacting with identity attributes in the applications. Ron Monzillo, specification lead for JSR 351, the spec for this API, spoke at the JavaOne 2011 Conference last week. He discussed the JSR proposal scope, its current state and future plans for the specification.

Ron talked about the current state of identity in enterprise Java applications. The lack of adequate interfaces in the Java platform is forcing application developers to rely on non-standard interfaces which is resulting in inconsistent, poorly integrated and inferior support for network identity.

JSR 351 will provide a uniform, domain model independent, Java framework for representing and interacting with identity attributes. It has three main goals as follows:

  • Standardize Representation of Identity in Java: This includes standardizing the attribute interfaces where attributes are named, multi-valued and meta-data qualified. The standards will include meta-data like the issuer, time-of-issue, validity period, and usage-constraints. The model will represent identity in a form that is compatible with its use within the interfaces of the Java Security Model and the identity can be propagated between Java systems for interoperability requirements.
  • Promote Attribute Service: This is the local point of reference for applications and encapsulates the diverse repository protocols and locations. This is the-authoritative representation of source, validity, and related meta-data. It will provide the authorization and auditing of application use of identity attributes in support of compliance with identity governance model.
  • Standardize a Declarative Programming Style: This includes a client-side Java framework for consumption, generation, propagation, and governance of identity attributes. It's based on Dependency Injection principles and takes care of the virtualization of source. AccessControlContext represents the actors involved in the use case.

The scope doesn't include the standardization of a fixed set of identity attributes (i.e., a specific domain model) that Java developers should use. This should be the responsibility of specific communities or application architects.

The interface architecture includes three layers:

  • Layer 1: Representation and JRE Integration
  • Layer 2: Services
  • Layer 3: Application Development

The specification is targeted for compatibility with Java SE and Java EE platforms beginning with version 6.0. It has completed the approval ballot. The next steps are to form an expert group and develop a Reference Implementation (RI) for the specification. The Reference Implementation will be developed as an open source project within java.net, under Apache License, version 2.0.

The proposed timeline for JSR 351 specification includes an early draft targeted for March 2012, public review by July 2012 and the final release to be out by early 2013. For More Information about the JSR, readers can check out the specification and the TCK or volunteer for the Expert Group.
 

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT