OSIS Abstract Architecture

From OSIS Open Source Identity Systems

Documents

Please refer to OSIS Architecture 0.1.0.6 (PDF) or OSIS Architecture 0.1.0.6 (OpenOffice).

Discussion

From Technical Insights: Did you construct InfoCard as a set of interacting components? If so, which?

Answered by Arun Nanda, Microsoft:

Infocard is a set of interacting components factored at suitable boundaries. For example, at a coarse level, there is the Identity Selector which essentially includes a protocol module (to interact with STS'es to obtain tokens) and the UI module (with the security characteristics of protected desktop). Then there is the Card Store, which plugs in underneath the Identity Selector, which securely stores a user's card collection and the Ledger that tracks a user's usage of cards at various sites/services. Then there is the Self-Issued Identity STS that acts as the identity provider for self-issued cards. These are system level components which are collectively exposed to an application at the platform level. In other words, an app that relies on Infocards is not aware of the seams between the interacting components that make up the Infocard system.

Further questions on this topic by Joaquin Miller, NetMesh:

Are the following correct?

The interface exposed to an application does not include access to the Ledger.

The interface exposed to an application for access to the Card Store is the configure operation. When that operation is invoked, one of the system level components takes over and presents a user interface to the user. An application has no access to the Card Store.