-## Proposed changes
+## Revised Client Architecture
+(Note that an alternative proposal is under discussion in the mailing list thread starting at <https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=MOONSHOT-COMMUNITY;bb2718c3.1112>)
-The architecture of the initial implementation needs to be re-factored to with give better Model, View, Controller separation, allowing for:
+The architecture of the initial implementation needs to be re-factored to give better Model, View, Controller separation, allowing for:
- more ways of interacting with the server than the ID Selector App and Web Provisioning;
- different storage strategies;
- ease of maintenance.
+
+Specific requirements from the Statement of Work are
+
+ 6.1 Abstract the interface between the Identity Selector and its backend datastore.
+ This is required to allow different such datastores to be used at will (e.g. Gnome
+ Keyring, Mac Keychain, etc).
+
+ 6.2 Abstract the interface between the core logical component of the Identity Selector
+ and the current UI elements. This is required to enable other interfaces to the Identity
+ Selector to work, such as a platform specific UI or a Command Line Interface to enable
+ headless operation. Any policy or invariant or constraint logic currently independent of
+ the core logical component must be abstracted into the core so that no matter what
+ backend datastore or UI frontend is used, all policy or invariant or constraint logic is
+ always used and enforced.
+
### Overview
This diagram shows the proposed new architecture.
The re-factored Moonshot Client software will have the following components:
-*_identity-server_* shared library offering C and Vala APIs.
+*_identity-manager-app_* a GUI application allowing the User to manage identities which are provisioned on the client machine using the APIs provided by:
-- provides Create / Read / Update / Delete functionality for IDs
-- is the only means of accessing the identity-storage-server
-- includes the server functionality initially implemented in UI
+*_identity-manager-ui-lib_* a shared library offering C and Vala Create / Read / Update / Delete APIs allowing applications to manage the identities which are provisioned on the client machine while interacting with the User.
-*_identity-storage-server_* encapsulates the Identity Store in a shared library offering a CRUD API to access the store.
+*_identity-manager-lib_* a shared library offering C and Vala Create / Read / Update / Delete APIs allowing applications to manage the identities which are provisioned on the client machine *without* interacting with the User. It is the only means of accessing the _identity-storage-server_.
-- protects the store from multiple concurrent write access
-- re-implemented per platform and per storage strategy so
+*_identity-storage-server_* encapsulates the Identity Store in a library offering a CRUD API which _identity-manager-lib_ uses to access the store.
--- one version each for Linux, Mac OS and Windows, local storage. DBus provides an appropriate mechanism under Linux and Mac OSX for protecting the store from multiple concurrent write access. It is not supported on Windows, so the Windows implementation will use a different mechanism.
--- one version for web storage, restful API. (Not in scope for this iteration).
--- other versions as required for different storage solutions (Not in scope for this iteration).
+*_identity-provisioning_* - not implemented in the initial implementation. Provides CRUD operations via files and via the command line. Implemented in portable code as far as possible. Uses _identity-manager-lib_ and *_identity-manager-ui-lib_*. Consists of:
-*_identity-provisioning_* - not currently implemented. Provides CRUD operations via (for now) .msht and XML files, and via command line. Implemented in portable code as far as possible. Uses *_identity-server_*. Consists of
+- *_identity-provisioning-file-handler_* - processes .msht (and, in future iterations, json, and maybe other format) files for file-based provisioning operations. .msht is an an XML-based file format. The MIME type is 'application/moonshot+xml'. An association is created on install so that these files are automatically opened by _identity-provisioning-file-handler_ when clicked. Currently implemented as *_moonshot-webp_*, allowing only install access. In future iterations it will also allow uninstall/revoke access.
-- *_identity-provisioning-file-handler_* - processes .msht (and XML and/or json, and maybe other format) files for file-based provisioning operations. Currently implemented as *_moonshot-webp_*, allowing only install access. Should also allow uninstall/revoke access.
- *_identity-provisioning-cli-handler_* - provides a command line API to identity CRUD functions
-All of the components will be implemented in Vala. The shared libraries will be built with the -H option to enable access from C code, and introspection generated to allow use from other languages..
+All of the components will be implemented in Vala.
-### _identity-server_ detail
+### Detail _identity-manager-app_ component
+This app uses the APIS provided by _identity-manager-ui-lib_ to provide a UI allowing the User to manage their stored identities.
-Implemented as a shared library in Vala.
+### Detail _identity-manager-ui-lib_ component
-Replaces the libmoonshot component from the initial implementation.
+Implemented as a shared library in Vala. Built with the -H option to enable access from C code, and introspection generated to allow use from other languages.
-Owns the public APIs for accessing the Identity Store (rather than exposing APIs provided via DBus by moonshot-ui).
+Provides APIs which can be used by _identity-manager-app_, by _identity-provisioning_ components needing to interact with the user, and other applications which need to interact with the user in selecting the identity they will use to access an internet service. These are the APIs provided by _libmoonshot_ in the initial implementation.
-Provides new APIs needed by moonshot-ui to manage identities (e.g. CreateNewIdCard(), UpdateIdCard(), DeleteIdCard()) as well as the existing APIs provided by lib-moonshot (getIdentity(), GetDefaultIdentity(), InstallId_card()).
+It *uses* APIs provided by _identity-manager-lib_ to access the Identity store.
-Uses the APIs provided by the *_identity-storage-server_* component (_-dbus-local-storage-server_ on Linux and Mac, _-windows-local-storage-server_ on Windows).
+Implemented in Vala using GTK widgets, reusing code from src/moonshot-window.vala and other UI related code..
+
+### Detail _identity-manager-lib_ component
-Uses GTK widgets for simple input from User.
+Implemented as a shared library in Vala. Built with the -H option to enable access from C code, and introspection generated to allow use from other languages.
-### _moonshout-ui_ detail
+Owns the public APIs for accessing the Identity Store (rather than, as in the initial implementation, exposing the APIs provided via DBus by _moonshot-ui_).
-This is now just an App for managing Identities. It's *only* function is to allows a User to manage Identities and Services.
+Provides equivalent APIs to those provided by _identity-manager-ui-lib_ (and in the initial implementation by _lib-moonshot_) but with no UI. It is used
-It no longer owns the IdentityStore.
+- by _identity-manager-ui-lib_ ;
+- by other applications to obtain the identities they need to access internet services *without interacting with the user*;
+- by _identity-provisioning_ components to provision identities *without interacting with the user*.
-It no longer *provides* APIs (via DBus) for use by others via libmoonshot.
+Provides new APIs needed by _identity-manager-ui-lib_ and _identity-provisioning_ components, to manage identities (e.g. CreateNewIdCard(), UpdateIdCard(), DeleteIdCard()).
-Instead, it *uses* APIs provided by libmoonshot.
+Uses the APIs provided by the *_identity-storage-server_* component (_-dbus-local-storage-server_ on Linux and Mac, _-windows-local-storage-server_ on Windows).
+
+It has no UI, so that it can be used in circumstances where interaction with a user is not possible (e.g. in headless servers). Any needed interaction with the User is done by client software.
+
+**Implementation Note:** In this architectural view, _identity-manager-ui-lib_ and _identity-manager-lib_ have distinct roles. They could therefore be implemented as separate libraries, but it is probably better to combine them in a single library. In my view this would have advantages both for those implementing and for those using the software.
-Implemented in Vala using GTK widgets.
+### Detail _identity-storage-server_ component
+- is accessed directly *only* by _identity-manager-lib_.
+- protects the store from multiple concurrent write accesses.
+- re-implemented per platform and per storage strategy so:
-### _identity-provisioning_ detail
+ * one version each for Linux, Mac OS and Windows, local storage. DBus provides an appropriate mechanism under Linux (and possibly Mac OS X) for protecting the store from multiple concurrent write access. DBus is not supported on Windows, so the Windows implementation will use a different mechanism. This version will re-use storage-related code from src/moonshot-window.vala etc. The Mac implementation will either use DBus, or it will use the Mac OS X Keychain to store identities (see mailing list thread beginning [here](https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1112&L=MOONSHOT-COMMUNITY&F=&S=&X=2C162240A9A66326F2&P=3272)).
+ * one version for web storage, restful API. (Not in scope for this iteration).
+ * other versions as required for different storage solutions (Not in scope for this iteration).
-The *_identity-provisioning-file-handler_* component replaces the moonshot-webp component. It provides the same InstallIdentityCard() functionality as the moonshot-webp component in the initial implementation, as well as new functions to uninstall and revoke identities. It has no UI - any interaction with the User is done when the file is processed by the *_identity-server_*
-The *_identity-provisioning-cli-handler_* component is not part of the current iteration. In a future iterations it is intended to provide via the command line the same functionality as *_identity-provisioning-file-handler_* provides via files.
+### Detail _identity-provisioning_ component
+
+The *_identity-provisioning-file-handler_* component replaces the moonshot-webp component. It provides the same InstallIdentityCard() functionality as the moonshot-webp component in the initial implementation. In future iterations, it will provide new functions to uninstall and revoke identities.
+
+The *_identity-provisioning-cli-handler_* component is not part of the current iteration. In a future iterations it is intended to provide via the command line the same functionality as *_identity-provisioning-file-handler_* but without requiring any interaction with the user.
### Use Case Implementation
-The re-factored software is designed to implement the following use cases that were part of the first iteration:
+The re-factored software is designed to implement the following use cases that were part of the initial implementation:
1. User installs and identity by clicking on a .msht file downloaded from the Web
1. User creates and installs an identity card using the UI
It is designed to extend the above Uses cases as follows:
1. User can install .msht files when attached to emails
-1. User can use .msht files can be used to delete or revoke identities
-1. User can create, view, update and delete installed identities via the command line
+1. User can use .msht files to delete or revoke identities
+1. User can create, view, update and delete installed identities via the command line
1. User can create, view, update and delete installed identities using a script file
-Not all of these will be implemented in the current phase, but the software will be implemented in a way that facilitates their implementation if future phases.
+Not all of these will be implemented in the current phase, but the software will be implemented in a way that facilitates their implementation in future phases.
+
projects / devwiki.git / blobdiff