This wiki space contains archival documentation of Project Bamboo, April 2008 - March 2013.
Bamboo's centrally-hosted services include an IAM (Identity and Access Management) suite, Collection Interoperability Hub, and proxy services to remotely-hosted tools for scholarship. This set of services runs on FUSE ESB, an enterprise distribution of Apache's open-source ServiceMix (acquired in 2012 by RedHat). A number of additional, open-source technologies are required to support these services, including Apache Web Server (httpd), and Grouper.
Information on the centrally-hosted services' architectural overview; a service developer "workbench" environment in which to extend or develop services; sys admin documentation for deployment of additional technologies in support of services; and the services' API are organized in this section of the Bamboo documentation, as follows:
|Technology Component(s)||Documentation Link(s)||Notes|
|Developer toolkit||Developer Workbench Environment for BSP Service Developers||Java, Maven, Eclipse and IDE plugins, required filesystem directories, required environment variables|
|FUSE ESB||Developer Workbench Environment for BSP Service Developers||Core element of Bamboo Services Platform (BSP, the deployment container for centrally-hosted services whose APIs are linked from Service APIs - Centrally-Hosted Bamboo Services)|
|PostgreSQL database||Developer Workbench Environment for BSP Service Developers||Relational database providing persistence for BSP-deployed services|
|Core BSP-deployed services||Developer Workbench Environment for BSP Service Developers||Core services, including those that support IAM|
|Apache Web Server (httpd)||Configure Apache Web Server for Client Auth||httpd supports client auth (authenticating trusted client applications), as well as proxy-forwarding over AJP of BSP services|
|Grouper||Grouper Install - Configure - Populate||Grouper provides persistence for the "Application Catalog" (known/trusted client applications in the Bamboo Trust Federation); as well as for user-created and -managed groups|
|Application Catalog data||Maintaining Application Catalog Data for Trusted Clients||For an application to be trusted (a key element of gaining permission to invoke services protected by policies that restrict access), Application Catalog data must be maintained.|
|Trust Federation metadata||Maintaining SAML Metadata that establishes a Trust Federation||Identity providers and service providers trusted within the Bamboo Trust Federation must be identified with SAML metadata.|
|Social/SAML Gateway||Social/SAML Gateway to enable social media identity provision||A Social/SAML gateway must be a part of the Authentication 'machinery' if social media Identity Providers (e.g., Google) are to be used for user logins.|
When policies in effect restrict access to anonymous users or anonymous applications, only "Trusted Applications" can succeed in invoking the affected services. Only "Trusted Applications" can assert the identity of a user to BSP-deployed services (anonymous client apps imply anonymous users).