Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[higgins-dev] RE: M4 Architecture



Higgins is, thankfully, a rather thin layer that mostly does “context provider management”. It maintains an internal registry of context providers, it creates and manages a set of context proxy objects (currently called ContextLinks (bad name) in M3) to hold delegate references to the Contexts that it’s managing, it provides context open/close methods and an API to access their contents, etc. I have a feeling that what I’ve described is most or all of what you have in mind when you say “IdAS”. So if you split out the matcher, etc. components as I mentioned then Higgins would be an IdAS.


I’ve not figured out how to split them out, so I’ve left them in there for now. But as you correctly point out this leaves us with what’s probably a bug in the diagram: the STS should probably consume the Higgins API (remember it’s mostly just a context manager) not the CPI as is shown. That’s the current state of affairs, but it will evolve.


Baber wrote:


I actually like the API layer on top that provides a common developer view of Matcher and Selector.  Just would like to have Matcher, H-Tag Manager and STS talk to IdAS(API) on the bottom and not to CPI (SPI).



>>> "Paul Trevithick" < paul@xxxxxxxxxxxxxxxxx > 4/1/2006 6:18:28 pm >>>
Baber and Raj,

Yes I did make the change that Baber referred to. In Provo we were moving
very fast and the diagram was evolving quickly. The current architecture does reflect my latest, best

I have not yet been able to split out as a single unit these three:
{Matcher, Digital Identity Selector UI support and H-Tag Manager} and make
them their own layer above what is currently drawn in as the API. I agree
vehemently that if things can be cleanly separated and split out, they
should be. As these components come into more focus we'll be able to see
more clearly if and where the cut can be made.


-----Original Message-----
From: Nataraj Nagaratnam [mailto:natarajn@xxxxxxxxxx]
Sent: Saturday, April 01, 2006 8:01 PM
To: Baber Amin
Cc: Anthony Nadalin; Duane Buss; Dale Olds; higgins-dev@xxxxxxxxxxx ; Igor
Tsinman; Jan Camenisch; John Calcote; Jim Sermersheim; Juan Carlos Luciani;
'Mary Ruddy'; John Merrells; Michael McIntosh; Paul Trevithick; Pat Felsted;
Tom Doman; Valery Kokhan
Subject: Re: M4 Architecture

Thanks for bringing this to attention/discussion, Baber. I didn't realize
this change ...

One liner is my view is -- IdAS is the API, CPI is the SPI.

IdAS is a fundamental concept and important. That is what applications
(including STS, etc) will know and use .. for those who are not identity
provider savvy, all they need to know is the IdAS. If collaboration sites,
transaction applications, need to use Higgins and they ask us what to do ..
then we tell them that the programming model - IdAS is what you need to
know about. They do not need to worry about context providers. For those
site providers who need to participate in a given identity metasystem, then
CPI is a way for them to plug into that system. Thus, in a framework
provider model ... I see IdAS as the "API" that others (applications
including STS, or other apps that need identity info, etc) can talk to. CPI
is the pluggable "SPI" that allows providers to be plugged into a metasystem
and thus accesible through an IdAS.


ps: i am using the term metasystem loosely here ;) .. to get the point
across about various contexts can be accessed through a system where those
contexts are 'registered' in some sense.

"Baber Amin" < baber@xxxxxxxxxx >

04/01/2006 07:17 PM


< higgins-dev@xxxxxxxxxxx >, "Tom Doman" < TDoman@xxxxxxxxxx >, Anthony


"Duane Buss" < DBuss@xxxxxxxxxx >, "Dale Olds" < DOlds@xxxxxxxxxx >, "John
Calcote" < JCALCOTE@xxxxxxxxxx >, "Jim Sermersheim" < JIMSE@xxxxxxxxxx >, "Juan
Carlos Luciani" < JLUCIANI@xxxxxxxxxx >, "Pat Felsted" < PFELSTED@xxxxxxxxxx >,
"Igor Tsinman" < igor@xxxxxxxxxxxxx >, "Valery Kokhan" < valery@xxxxxxxxxxxxx >,
"'Mary Ruddy'" < mary@xxxxxxxxxxxxxxxxx >, "Paul Trevithick"
< paul@xxxxxxxxxxxxxxxxx >, "John Merrells" < merrells@xxxxxxxx >, Michael
McIntosh/Watson/IBM@IBMUS, Nataraj Nagaratnam/Raleigh/IBM@IBMUS, "Jan
Camenisch" < jca@xxxxxxxxxxxxxx >


M4 Architecture

Hi Folks, the picture at the URL below has renamed IDAS to Context
Provider Interface. They might perform the same function, but I feel
that we need to have IDAS with a very thin CPI layer under it for the
context providers to plug into.

I see IDAS as a major Higgins component to be used on back-end services
where we won't need anything above it. This is where IDAS and Higgins
act as a identity normalization layer. Having just a CPI there feels
empty. Even in the M4 picture, we see the top of CPI talking to STS.
Since an STS is not a context provider it should not be talking to that
interface, the top of the CPI should be IDAS.

Do you agree Paul?

[attachment "higgins web integration 060315_1.JPG" deleted by Nataraj

Back to the top