Skip to main content
This revision made December 20, 2012 21:21, by monzillo

JSR 351: Java Identity API Specification

Welcome to the home page of the Java Identity API specification. Information on the progress of the creation of the specification is available to the public from this page. Links on the left-hand-side panel lead to the various publicly readable mailing lists, source code repository and issues tracker.


The objective of this project is to define application programming interfaces and identity interaction models that facilitate and control the use of identity by applications and in access control decisions.

To meet this objective, we will define interfaces that are integrated with the Java security model and that enable a declarative application programming style. We will also define interfaces to attach meta-data to identity attributes (e.g., email address, social security number, bank account number, date of birth, nationality, gender) and a vocabulary of identity characterizing meta-data (e.g., issuer, validity period, usage constraints) to be used in support of the identity interaction models. We will define an attribute service as the point of governance and of interaction with distributed sources of identity. We will also define interfaces that do the following:

  • Enable applications to act both as consumers and as providers of attributes
  • Facilitate the insertion of access control checks in applications and the use of attributes in access control decisions
  • Allow users to authorize disclosure and use of their identity attributes
  • Sustain the protection of identity attributes during their propagation between applications and systems


 A developer creates a prescription renewal application for use by subscribers of a health care provider. The developer uses the Java Identity API to reference attributes of the subscriber such as  subscriber identifier, preferred pharmacy, renewable prescriptions, and service affiliation groups. The developer may also utilize attribute meta-data such as the last time the attributes were updated.
 The developer does not describe how the attributes are to be obtained. When the application is deployed by a specific health care provider, the attribute references are resolved against the distributed attribute sources and user authentication tokens in use by the health care provider. This linkage is established without recompiling or changing the application. Further, the governance aspects of the API support tracking and managing the use of attributes both within the application and in its communication with other components. 
Difference compared to previous revision
*[ ''Nobis'' Open Source Project] is now public! *[[Meeting Minutes]] *[[Schedule]] ==Overview
Please Confirm