WaTTS the Token Translation Service

Copyright © 2015-2017 SCC/KIT

Authors: Bas Wegh.

Introduction

WaTTS is an application to 'translate' OpenID Connect (OIDC) information into information specific to a use case. One example is the translation from OIDC to an X.509 certificate.

The general architecture of the application is split into two parts. One is the WaTTS server, which this documentation is about. The other is the WaTTS client UI, a JavaScript single-page application that uses the REST interface of the WaTTS server.

The translation from the OpenID Connect information to another service-specific representation is done in two steps:

The result of this translation is then presented to the user.

WaTTS is started using the OTP application behaviour; the module implementing it is watts_app. The supervision tree looks as follows. The list is in order of execution and the ordering is depth first, so 1.2 gets started before 2. List entries without a number are created dynamically at run time and not during the loading phase.
  1. watts_sup (supervisor, registered)
    1. watts_sessions_sup (supervisor, registered) ensures that all sub processes keep running
      1. watts_session_sup (supervisor, registered, simple_one_for_one) will handle dynamically created sessions.
        • watts_session (worker, dynamic) a dynamic session at the rest/web interface.
      2. watts_session_mgr (worker, registered) a process to ensure that the creation of sessions is serialized so no race conditions can occur.
    2. watts_rsp_keys_sup (supervisor, registered, simple_one_for_one) the supervisor for the rsp key fetcher
    3. watts_plugin_sup (supervisor, registered, simple_one_for_one) dynamically creating processes to run plugins.
    4. watts_plugin (worker, registered) a generic interface to plugin related information retrieval and actions.
    5. watts_ets (worker, registered) the ets database process
    6. watts_persistent_sqlite (worker, registered) the sqlite database driver
    7. watts_temp_cred_sup (supervisor, registered, simple_one_for_one) handling very short living credential data processes.
    8. watts_temp_cred (worker, registered) Holds one translation, stops itself after either 10 seconds (configurable) or once the data has been read, whichever happens first.
    9. watts_init (worker) The configuration of the system.
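
The read-once, time-limited behaviour described for watts_temp_cred, shown as a gen_server. This is an added example, not WaTTS's own code: the module name temp_cred_example, its start/2 and fetch/1 API, the message shapes and the use of the sensitive process flag are all assumptions.

```erlang
-module(temp_cred_example).
-behaviour(gen_server).

-export([start/2, fetch/1]).
-export([init/1, handle_call/3, handle_cast/2, handle_info/2]).

%% Hypothetical API: hold Cred for at most TtlMs milliseconds.
start(Cred, TtlMs) ->
    gen_server:start(?MODULE, {Cred, TtlMs}, []).

%% Read the credential exactly once. A second read, or a read after the
%% timeout, finds no process and returns {error, gone}.
fetch(Pid) ->
    try gen_server:call(Pid, fetch)
    catch exit:_ -> {error, gone}
    end.

init({Cred, TtlMs}) ->
    %% Assumption of this example: mark the process sensitive so tracing is
    %% disabled and its stack and messages are left out of crash dumps.
    process_flag(sensitive, true),
    %% Arm the expiry timer; the message is dropped if we stopped earlier.
    erlang:send_after(TtlMs, self(), expire),
    {ok, Cred}.

handle_call(fetch, _From, Cred) ->
    %% Reply and stop in one step: the data is gone after the first read.
    {stop, normal, {ok, Cred}, undefined}.

handle_cast(_Msg, State) ->
    {noreply, State}.

handle_info(expire, _Cred) ->
    %% Nobody collected the credential in time: discard it and stop.
    {stop, normal, undefined};
handle_info(_Other, State) ->
    {noreply, State}.
```

With `{ok, P} = temp_cred_example:start(<<"constructed-secret">>, 10000)`, the first `temp_cred_example:fetch(P)` returns `{ok, <<"constructed-secret">>}` and every later call returns `{error, gone}`. When such a worker runs under a supervisor, a restart type of temporary or transient keeps the normal exit from triggering a restart.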

The server is configured after all modules (code) are loaded by the module. Have a look at watts_init regarding the initialization phase.

WaTTS uses several other Erlang/OTP applications to provide the needed functionality; the important ones are: The complete list can be found in the file rebar.conf, section deps.
