Architecture The following figure provides an overview of the OpenIDM architecture, which is covered in more detail in subsequent sections of this chapter. OpenIDM architecture OpenIDM consists of infrastructure modules running in an OSGi framework, exposing core services through RESTful APIs to client applications.

The OpenIDM framework is based on OSGi. OSGi OSGi is a module system and service platform for the Java programming language that implements a complete and dynamic component model. For a good introduction, see the OSGi site. While OpenIDM services are designed to run in any OSGi container, OpenIDM currently runs in Apache Felix. Servlet The optional Servlet layer provides RESTful HTTP access to the managed objects and services. While the Servlet layer can be provided by many different engines, OpenIDM embeds Jetty by default.

OpenIDM infrastructure modules provide the underlying features needed for core services. Scheduler The scheduler provides a cron-like scheduling component implemented using the Quartz library. Use the scheduler, for example, to enable regular synchronizations and reconciliations. See the Scheduling Synchronization chapter for details. Script Engine The script engine is a pluggable module that provides the triggers and plugin points for OpenIDM. OpenIDM currently implements a JavaScript engine. Audit Logging Auditing logs all relevant system activity to the configured log stores. This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs to capture operations on the internal (managed) and external (system) objects. See the Using Audit Logs chapter for details. Repository The repository provides a common abstraction for a pluggable persistence layer. OpenIDM supports use of MySQL to back the repository. Yet, plugin repositories can include NoSQL and relational databases, LDAP, and even flat files. The repository API operates using a JSON-based object model with RESTful principles consistent with the other OpenIDM services. The default, embedded implementation for the repository is the NoSQL database OrientDB, making it easy to evaluate OpenIDM out of the box before using MySQL in your production environment.

The core services are the heart of the OpenIDM resource oriented unified object model and architecture. Object Model Artifacts handled by OpenIDM are Java object representations of the JavaScript object model as defined by JSON. The object model supports interoperability and potential integration with many applications, services and programming languages. As OpenIDM is a Java-based product, these representations are instances of classes: Map, List, String, Number, Boolean, and null. OpenIDM can serialize and deserialize these structures to and from JSON as required. OpenIDM also exposes a set of triggers and functions that system administrators can define in JavaScript which can natively read and modify these JSON-based object model structures. OpenIDM is designed to support other scripting and programming languages. Managed Objects Objects Managed objects A managed object is an object that represents the identity-related data managed by OpenIDM. Managed objects are configurable, JSON-based data structures OpenIDM stores in its pluggable repository. While the default configuration of managed objects is that of a user, any object may be defined through configuration. System Objects Objects System objects System objects are pluggable representations of objects on external systems. They follow the same RESTful resource based design principles as managed objects. There is a default implementation for the OpenICF framework, which allows any connector object to be represented as a system object. Mappings Mappings Mappings define policies between source and target objects and their attributes during synchronization and reconciliation. Mappings can also define triggers for validation, customization, filtering, and transformation of source and target objects. See the Configuring Synchronization chapter for details. Synchronization & Reconciliation Synchronization Reconciliation Reconciliation provides for on-demand and scheduled resource comparisons between the OpenIDM managed object repository and source or target systems. Comparisons can result in different actions depending on the mappings defined between the systems. Synchronization provides for creating, updating, and deleting resources from a source to a target system either on demand or according to a schedule. See the Configuring Synchronization chapter for details.

The access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and its functions. RESTful Interfaces OpenIDM provides REST APIs for CRUD operations and invoking synchronization and reconciliation for both HTTP and Java. See the REST API Reference appendix for details. User Interfaces User interfaces provide password management, registration, self-service, and workflow services.