Page tree
Skip to end of metadata
Go to start of metadata

Session looking at the commonality between OpenIG and OpenAM agents:

  1. Session with interested parties to discuss the overlap between agents and IG.

    1. Customer parties

    2. ForgeRock: IG reps, Jamie Bowen

  2. Identified the following items:

    1. Common

      1. Function

        1. OpenAM clients

        2. Authorization enforcement

      2. Standards

        1. OpenID Connect

    2. Functional

      1. Agents

        1. CDSSO

        2. Post-data Preservation (PDD)

      2. OpenIG

        1. Reverse-web-proxy

        2. Password-replay

        3. API security

        4. SAML support

        5. STS

        6. Flexibility

          1. Any PDP - not OpenAM-specific

          2. Request/ response transformation

          3. Filter scripting

          4. Possible future exposure of Filter interface(?)

    3. Non-functional

      1. Deployment

        1. OpenIG deployed as war - non-intrusive

          1. Requires network link between IG and downstream application to be secured

        2. Agents deployed as jar or Apache module

          1. Container-specific

          2. Resides in same app (or container)

      2. Performance

        1. C agent directly deployed in Apache

          1. Need to determine performance difference

          2. Can we use C agent perf client? Http client?

  3. Miscellaneous points:

    1. Central management of distributed components

      1. No dashboard functionality

    2. IG deployment preferences:

      1. Standalone

      2. Dockerized image of interest

    3. Deployment flexibility:

      1. Container support

      2. Difficulty patching/ managing stakeholders

      3. Difficulty evolving - e.g. SAML to OpenId

  • No labels