Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Session looking at the commonality between OpenIG and OpenAM agents:

  1. Session with interested parties to discuss the overlap between agents and IG.

    1. Customer parties: Aspect, Kainos (MoJ), DPC Consulting

    2. ForgeRock: IG reps, Jamie Bowen

  2. Identified the following items:

    1. Common

      1. Function

        1. OpenAM clients

        2. Authorization enforcement

      2. Standards

        1. OpenID Connect

    2. Functional

      1. Agents

        1. CDSSO

        2. Post-data Preservation (PDD)

      2. OpenIG

        1. Reverse-web-proxy

        2. Password-replay

        3. API security

        4. SAML support

        5. STS

        6. Flexibility

          1. Any PDP - not OpenAM-specific

          2. Request/ response transformation

          3. Filter scripting

          4. Possible future exposure of Filter interface(?)

    3. Non-functional

      1. Deployment

        1. OpenIG deployed as war - non-intrusive

          1. Requires network link between IG and downstream application to be secured

        2. Agents deployed as jar or Apache module

          1. Container-specific

          2. Resides in same app (or container)

      2. Performance

        1. C agent directly deployed in Apache

          1. Need to determine performance difference

          2. Can we use C agent perf client? Http client?

  3. Miscellaneous points:

    1. Central management of distributed components

      1. No dashboard functionality

    2. IG deployment preferences:

      1. Standalone

      2. Dockerized image of interest

    3. Deployment flexibility:

      1. Container support

      2. Difficulty patching/ managing stakeholders

      3. Difficulty evolving - e.g. SAML to OpenId

  • No labels