The initial document with Portal requirements and design ideas is here:
I started playing with interfaces for the API and SPI a bit (mainly ideas - nothing complete...). They are here:
The main concern about the API interfaces I see is where to put methods that update state. Like I wrote in the doc it can be either directly in the entity interfaces or in the common service class:
user.assignGroup(Group group); user.updateAttribute(String name, String values);
This is quite convenient but requires to attach reference to some context object to be able to delegate those methods calls. Another option is:
identityModule.assignGroup(User user, Group group); identityModule.updateAttribute(User user, String name, String values);
Less convenient but User and Group implementations can remain (more or less) plain POJOs
Another challenge I see in the design is about storing relationships between groups persisted in different stores. One solution is to just make one-to-one mapping between the GroupType and IdentityStore.