Identity Module in the Hyperty Runtime

[pchainho]

Following https://github.com/reTHINK-project/governance-security-implementation/issues/19

In D4.1 we have:

which does not take into account the Hyperty Runtime sandbox architecture as mentioned in D4.1:

For simplification purposes this design does not take into account the Hyperty Runtime sandboxing arch defined in D3.1 where IdModule and IdP (Protostub) Proxy are running in separated sandboxes and are only able to interact though the Message Bus.

Thus, the architecture should be:

@KCorre in my view they are aligned but the one I'm depicting above takes into account the sandboxing arch mentioned in D4.1, would you agree?

[KCorre]

Mmh, indeed. I'm bothered because either I added this text myslef or I missed it... sorry my mistake.

So that could work like that. What I don't really like is that inside the runtime the IdP Proxy would only be communicating with the IdModule (n to 1 relationship). So using all the messaging bus is a bit overkill for what could have been simple function call.

[KCorre]

But let's do it like that for now. Sorry for the confusion.

@Ricardo-Chaves

Hi Kevin,

we (INESC-ID) will implement the IdModule and test it by interacting with exiting IdPs. For these we will provide IdProxys. Additional IdPs should provide an IdProxy for the Runtime to instantiate.

We already deployed an IdP Server (OIDC Php by Nat Sakimura). It is available on: oidc-ns.kermit.orange-labs.fr We also tested some other IdPs (Python and NodeJS) but didn't deployed them.

We (Orange) are also interested in that development. Maybe we could arrange a meeting to discuss this task and how we can work together.