0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose<?xml version="1.0" encoding="UTF-8"?>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose<chapter xml:id="chap-overview"

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose xmlns="http://docbook.org/ns/docbook"

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose version="5.0"

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose xml:lang="en"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose xsi:schemaLocation="http://docbook.org/ns/docbook

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose xmlns:xlink="http://www.w3.org/1999/xlink">

58aa8d645fa95641431a2828e985f80c7fc36465Lukas Slebodnik <title>Architectural Overview</title>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <indexterm><primary>Architecture</primary></indexterm>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>The following figure provides an overview of the OpenIDM architecture,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose which is covered in more detail in subsequent sections of this chapter.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <mediaobject xml:id="figure-openidm2-architecture">

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <alt>OpenIDM architecture</alt>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <imageobject>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <imagedata fileref="images/openidm2-architecture.png" format="PNG" />

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </imageobject>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <textobject>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>OpenIDM consists of infrastructure modules running in an OSGi

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose framework, exposing core services through RESTful APIs to client

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose applications.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </textobject>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </mediaobject>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <section xml:id="openidm-modular-framework">

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <title>OpenIDM Modular Framework</title>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <variablelist>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>The OpenIDM framework is based on OSGi.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>OSGi</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>OSGi is a module system and service platform for the Java

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose programming language that implements a complete and dynamic component

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose model. For a good introduction, see the <link xlink:show="new"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:href="http://www.osgi.org/About/WhyOSGi">OSGi</link> site.

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose While OpenIDM services are designed to run in any OSGi container,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose OpenIDM currently runs in <link xlink:show="new"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:href="http://felix.apache.org/site/index.html">Apache

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose Felix</link>.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Servlet</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>The optional Servlet layer provides RESTful HTTP access to the

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose managed objects and services. While the Servlet layer can be provided by

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose many different engines, OpenIDM embeds Jetty by default.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </variablelist>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </section>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <section xml:id="openidm-infrastructure-modules">

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <title>Infrastructure Modules</title>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <variablelist>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>OpenIDM infrastructure modules provide the underlying features

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose needed for core services.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>BPMN 2.0 Workflow Engine</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>OpenIDM provides an embedded workflow and business process engine

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose based on Activiti and the Business Process Model and Notation (BPMN)

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose 2.0 standard.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>For more information, see <link

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:href="integrators-guide#chap-workflow"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:role="http://docbook.org/xlink/role/olink">

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <citetitle>Integrating Business Processes and Workflows</citetitle></link>.

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Task Scanner</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>OpenIDM provides a task scanning mechanism that enables you to

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose perform a batch scan for a specified date in OpenIDM data, on a

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose scheduled interval, and then to execute a task when this date is

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose reached.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>For more information, see <link

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:href="integrators-guide#task-scanner"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose ><citetitle>Scanning Data to Trigger Tasks</citetitle></link>.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Scheduler</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>The scheduler provides a <command>cron</command>-like scheduling

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose component implemented using the <link xlink:show="new"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:href="http://www.quartz-scheduler.org">Quartz library</link>. Use

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose the scheduler, for example, to enable regular synchronizations and

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose reconciliations.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>See the <link xlink:href="integrators-guide#chap-scheduler-conf"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose ><citetitle>Scheduling Synchronization</citetitle></link> chapter

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose for details.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Script Engine</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose The script engine is a pluggable module that provides the triggers and

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose plugin points for OpenIDM. OpenIDM currently supports JavaScript and

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose Groovy.

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Policy Service</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>OpenIDM provides an extensible policy service that enables you to

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose apply specific validation requirements to various components and

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose properties.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>For more information, see <link

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:href="integrators-guide#chap-policies"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose ><citetitle>Using Policies to Validate Data</citetitle></link>.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Audit Logging</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>Auditing logs all relevant system activity to the configured

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose log stores. This includes the data from reconciliation as a basis for

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose reporting, as well as detailed activity logs to capture operations on

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose the internal (managed) and external (system) objects.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>See the <link xlink:href="integrators-guide#chap-auditing"

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Using Audit

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose Logs</citetitle></link> chapter for details.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Repository</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>The repository provides a common abstraction for a pluggable

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose persistence layer. OpenIDM ${docTargetVersion} supports use

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose of MySQL to back the repository. Yet, plugin repositories can include

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose NoSQL and relational databases, LDAP, and even flat files. The

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose repository API operates using a JSON-based object model with RESTful

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose principles consistent with the other OpenIDM services. The default,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose embedded implementation for the repository is the NoSQL database

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose OrientDB, making it easy to evaluate OpenIDM out of the box before

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose using MySQL in your production environment.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </variablelist>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </section>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <section xml:id="openidm-core-services">

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <title>Core Services</title>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <variablelist>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>The core services are the heart of the OpenIDM resource oriented

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose unified object model and architecture.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Object Model</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>Artifacts handled by OpenIDM are Java object representations of

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose the JavaScript object model as defined by JSON. The object model supports

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose interoperability and potential integration with many applications,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose services and programming languages. As OpenIDM is a Java-based product,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose these representations are instances of classes: <literal>Map</literal>,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <literal>List</literal>, <literal>String</literal>,

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <literal>Number</literal>, <literal>Boolean</literal>, and

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <literal>null</literal>.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose OpenIDM can serialize and deserialize these structures to and from JSON

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose as required. OpenIDM also exposes a set of triggers and functions that

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose system administrators can define, in either JavaScript or Groovy, which

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose can natively read and modify these JSON-based object model structures.

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose OpenIDM is designed to support other scripting and programming languages.

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <varlistentry>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <term>Managed Objects</term>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <listitem>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <indexterm>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <primary>Objects</primary>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <secondary>Managed objects</secondary>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose </indexterm>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>A <firstterm>managed object</firstterm> is an object that

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose represents the identity-related data managed by OpenIDM. Managed objects

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose are configurable, JSON-based data structures that OpenIDM stores in its

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose pluggable repository. The default configuration of a managed object is

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose that of a user, but you can define any kind of managed object, for

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose example, groups or roles.</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <para>You can access managed objects over the REST interface with a query

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose similar to the following:</para>

0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose <screen>$ curl \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --cacert self-signed.crt \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --header "X-OpenIDM-Username: openidm-admin" \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --header "X-OpenIDM-Password: openidm-admin" \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --request GET \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose "https://localhost:8443/openidm/managed/..."</screen>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </listitem>

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose </varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <term>System Objects</term>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <indexterm>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <primary>Objects</primary>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <secondary>System objects</secondary>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </indexterm>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <para><firstterm>System objects</firstterm> are pluggable representations

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose of objects on external systems. For example, a user entry that is stored

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose in an external LDAP directory is represented as a system object in

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose OpenIDM.</para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <para>System objects follow the same RESTful resource-based design

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose principles as managed objects. They can be accessed over the REST

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose interface with a query similar to the following:</para>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <screen>$ curl \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --cacert self-signed.crt \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --header "X-OpenIDM-Username: openidm-admin" \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --header "X-OpenIDM-Password: openidm-admin" \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose --request GET \

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose "https://localhost:8443/openidm/system/..."

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </screen>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <para>There is a default implementation for the OpenICF framework, that

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose allows any connector object to be represented as a system object.</para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <term>Mappings</term>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <indexterm>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <primary>Mappings</primary>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </indexterm>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <para><firstterm>Mappings</firstterm>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose define policies between source and target objects and their attributes

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose during synchronization and reconciliation. Mappings can also define

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose triggers for validation, customization, filtering, and transformation

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose of source and target objects.</para>

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose <para>See the <link xlink:href="integrators-guide#chap-synchronization"

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose ><citetitle>Configuring Synchronization</citetitle></link> chapter for

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose details.</para>

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose </listitem>

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose </varlistentry>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <varlistentry>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <term>Synchronization &amp; Reconciliation</term>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <listitem>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <indexterm>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <primary>Synchronization</primary>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose </indexterm>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <indexterm>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <primary>Reconciliation</primary>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose </indexterm>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <firstterm>Reconciliation</firstterm> enables on-demand and scheduled

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose resource comparisons between the OpenIDM managed object repository and

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose source or target systems. Comparisons can result in different actions,

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose depending on the mappings defined between the systems.

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose </para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <firstterm>Synchronization</firstterm> enables creating, updating, and

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose deleting resources from a source to a target system, either on demand or

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose according to a schedule.

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose </para>

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose <para>See the <link xlink:href="integrators-guide#chap-synchronization"

544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose ><citetitle>Configuring Synchronization</citetitle></link> chapter for

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose details.</para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </variablelist>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </section>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <section xml:id="commons-rest-commands">

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <title>Secure Commons REST Commands</title>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose <para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose As noted in the <link xlink:show="new"

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose xlink:href="integrators-guide#appendix-rest"

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"><citetitle>REST API

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose Reference</citetitle>, </link> Representational State Transfer (REST) is a

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose software architecture style for exposing resources, using the technologies

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose and protocols of the World Wide Web.

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose </para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose REST interfaces are commonly tested with a <command>curl</command> command.

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose Many of these commands are used in this document. They work with the

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose standard ports associated with Java EE communications, 8080 and 8443.

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose </para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose <para>

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose To run <command>curl</command> over the secure port, 8443, you must include

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose either the <command>--insecure</command> option, or follow the instructions

53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose shown in <link xlink:show="new" xlink:href="integrators-guide#rest-over-https"

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Restrict

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose REST Access to the HTTPS Port</citetitle></link>. You can use those

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose instructions with the self-signed certificate generated when OpenIDM

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose starts, or with a <filename>*.crt</filename> file provided by a

aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose certificate authority.

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose In many cases in this guide, <command>curl</command> commands to the secure

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose port are depicted with a <literal>--cacert self-signed.crt</literal> option.

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose Instructions for creating that <filename>self-signed.crt</filename> file

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose are shown in the aforementioned section on <link xlink:show="new"

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose xlink:href="integrators-guide#rest-over-https"

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Restrict

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose REST Access to the HTTPS Port</citetitle></link>.

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </section>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <section xml:id="openidm-access-layer">

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <title>Access Layer</title>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <variablelist>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <para>The access layer provides the user interfaces and public APIs for

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose accessing and managing the OpenIDM repository and its functions.</para>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <varlistentry>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <term>RESTful Interfaces</term>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <listitem>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <para>OpenIDM provides REST APIs for CRUD operations and invoking

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose synchronization and reconciliation for both HTTP and Java.</para>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <para>See the <link xlink:href="integrators-guide#appendix-rest"

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose xlink:role="http://docbook.org/xlink/role/olink"><citetitle>REST

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose API Reference</citetitle></link> appendix for details.</para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <varlistentry>

8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36cSumit Bose <term>User Interfaces</term>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose <para>User interfaces provide password management, registration,

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose self-service, and workflow services.</para>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </listitem>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </varlistentry>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </variablelist>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose </section>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose</chapter>

4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose