3 Replies Latest reply on Jun 2, 2008 9:42 AM by tom.baeyens

    design of identitymodule in tempranillo

    kukeltje
    kukeltje Jun 1, 2008 8:35 PM

      Currently the identitymodule in tempranillo realy seams service based... however...

      The IdentityService is an interface as are Identity, User, Group and Membership. So I can easily implement my own LDAPIdentityService. Great...

      What I do not get is why the IdentityServiceImpl uses Commands which are DB specific. I'd imagined the commands would be generic (using interfaces) and use the configured IdentityService to do the real work. Or do I miss something (It's late)

      Further I'd suggest changing getDbid() in the Identity interface to something less implementation specific like getTechId() (casing!!). In LDAP the 'technical' id is called a DN, so DbId is rather strange.

      • 1860 Views
      • Tags:
        • 1. Re: design of identitymodule in tempranillo
          tom.baeyens
          tom.baeyens Jun 2, 2008 2:58 AM (in response to kukeltje)

           

          "kukeltje" wrote:
          The IdentityService is an interface as are Identity, User, Group and Membership. So I can easily implement my own LDAPIdentityService. Great...


          That is not the intention. And I believe it would be very hard to do.

          The main problems I see with a generic identity interface for DB & LDAP are :

          1) For DB/hibernate you can use lazy loading and hibernate proxies. So you can easily navigate the plain object model.

          In LDAP, you typically have navigation methods as part of your session facade.

          2) In situations as described in 1) and others, the session facade will be a compromise. Users have either a DB or an LDAP in their environment. So they don't want to take the compromise as for them, they want full access and power of either the DB or the LDAP solution.


          This discussion is interesting as inside of JBoss, there is an initiative to define exactly that identity interface with the DB and LDAP implementations. I will keep an eye on that to see what kind of compromise they will come up with. For the time being, we'll focus on a DB backed interface.

            • Actions
          • 2. Re: design of identitymodule in tempranillo
            kukeltje
            kukeltje Jun 2, 2008 8:38 AM (in response to kukeltje)

             

            1) For DB/hibernate you can use lazy loading and hibernate proxies. So you can easily navigate the plain object model.


            Lazy loading of users etc? Nahh.. do not need that. We have an ldap backend for our user management and never missed this. Most often (always?) this info is retrieved when it is needed
            (not lazy but direct). In the process it is just a String, right? I'll try experimenting with the pvm and identity module next week (after dublin) to see how it will behave.

            btw, I saw that the current development of usermanagement is in the tempranillo tree (you do have some tempranillo for us to consume in dublin do you?)

            I've seen the JBoss Identity project in cvs/svn. Will keep an eye on it to

              • Actions
            • 3. Re: design of identitymodule in tempranillo
              tom.baeyens
              tom.baeyens Jun 2, 2008 9:42 AM (in response to kukeltje)

              "
              In the process it is just a String, right?
              "

              right

              "
              btw, I saw that the current development of usermanagement is in the tempranillo tree
              "

              Dublin is the perfect occasion to get into an open discussion. Depending on the average level of the crowd.

              "
              you do have some tempranillo for us to consume in dublin do you?
              "

              we can always go on a quest for that after the meeting :-)

                • Actions