├── .gitignore
├── Illustration of Key Components.md
├── Modules.md
├── Scenarios
│   ├── Air Force Portfolio Knowledge Management Capability.md
│   ├── Example-Scenario-Format.md
│   ├── Journal-of-Social-Media-for-Organizations (External Host).md
│   ├── Journal-of-Social-Media-for-Organizations.md
│   └── MIT-Login-to-Handshake.md
├── TrustFramework.md
├── TrustFrameworkCommentary.md
├── dtf-webapp
│   ├── LICENSE.txt
│   ├── card.json
│   ├── pom.xml
│   ├── screenshots
│   │   ├── Dynamic_Trust_Framework_Webapp_-_2014-09-30_12.56.16.png
│   │   ├── Screen Shot 2014-09-30 at 1.13.44 PM.png
│   │   └── Screen Shot 2014-09-30 at 2.08.51 PM.png
│   └── src
│       ├── main
│       │   ├── java
│       │   │   └── org
│       │   │       └── mitre
│       │   │           ├── dtf
│       │   │           │   ├── model
│       │   │           │   │   ├── Card.java
│       │   │           │   │   ├── CardNode.java
│       │   │           │   │   ├── Dependency.java
│       │   │           │   │   ├── Instance.java
│       │   │           │   │   ├── InstanceCard.java
│       │   │           │   │   └── Tag.java
│       │   │           │   ├── repository
│       │   │           │   │   ├── CardRepository.java
│       │   │           │   │   ├── InstanceRepository.java
│       │   │           │   │   ├── TagRepository.java
│       │   │           │   │   └── impl
│       │   │           │   │       ├── JpaCardRepository.java
│       │   │           │   │       ├── JpaDependencyRepository.java
│       │   │           │   │       ├── JpaInstanceRepository.java
│       │   │           │   │       └── JpaTagRepository.java
│       │   │           │   ├── service
│       │   │           │   │   ├── CardService.java
│       │   │           │   │   ├── TagService.java
│       │   │           │   │   └── impl
│       │   │           │   │       ├── DefaultCardService.java
│       │   │           │   │       └── DefaultTagService.java
│       │   │           │   └── web
│       │   │           │       ├── CardController.java
│       │   │           │       └── TagController.java
│       │   │           └── util
│       │   │               ├── jpa
│       │   │               │   └── JpaUtil.java
│       │   │               └── json
│       │   │                   └── CardDeserializer.java
│       │   ├── resources
│       │   │   ├── db
│       │   │   │   └── tables
│       │   │   │       └── hsql_database_tables.sql
│       │   │   ├── keystore.jwks
│       │   │   └── log4j.xml
│       │   └── webapp
│       │       ├── META-INF
│       │       │   └── context.xml
│       │       ├── WEB-INF
│       │       │   ├── application-context.xml
│       │       │   ├── application.properties
│       │       │   ├── data-context.xml
│       │       │   ├── jpa-config.xml
│       │       │   ├── local-config.xml
│       │       │   ├── resources
│       │       │   │   ├── css
│       │       │   │   │   └── trust.css
│       │       │   │   └── js
│       │       │   │       └── trust.js
│       │       │   ├── servlet-context.xml
│       │       │   └── web.xml
│       │       ├── index.jsp
│       │       └── templates
│       │           ├── all-cards.html
│       │           ├── card.html
│       │           ├── instance-builder.html
│       │           ├── login.jsp
│       │           └── new-card.html
│       └── test
│           ├── config
│           │   ├── application-context.xml
│           │   ├── data-context.xml
│           │   └── jpa-config.xml
│           └── java
│               └── org
│                   └── mitre
│                       └── dtf
│                           ├── repository
│                           │   ├── JpaCardRepositoryTest.java
│                           │   └── JpaInstanceRepositoryTest.java
│                           └── test
│                               └── TestData.java
└── modular-provisions
    ├── CertificationTXT.md
    ├── ExecutiveOfficerTXT.md
    ├── LiabilityTxt.md
    ├── README.md
    ├── RoleTXT.md
    ├── ScopeTXT.md
    ├── SystemOperatorTXT.md
    └── TemplateTXT.md

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
local-values.conf
target
*~
bin
*.idea
*.iml
*.eml
.project
.settings
.classpath
/target
.springBeans

--------------------------------------------------------------------------------
/Illustration of Key Components.md:
--------------------------------------------------------------------------------
## Illustration of Key Components in Trust Framework ##

### MITRE as Identity Provider (IdP)

![](http://i.imgur.com/7s9dWif.png)

### MITRE as Relying Party (RP)

![](http://i.imgur.com/fZDJkQD.png)

--------------------------------------------------------------------------------
/Modules.md:
--------------------------------------------------------------------------------
# Modules

## Roles

**[IdP](https://github.com/mitreid-connect/trust-framework/blob/master/TrustFramework.md#123--identity-provider)**: Identity provider, the service that asserts identities for users. Must use a federated identity protocol. Known as the Authorization Server (AS) in OAuth parlance.

**[RP](https://github.com/mitreid-connect/trust-framework/blob/master/TrustFramework.md#126--relying-party)**: Relying party, the site being logged into. Must use a federated identity protocol. Known as the Client in OAuth parlance.

## MITRE as IdP

This section lists the components as they come into play when MITRE is the IdP.

### Instances

MITRE runs three IdP instances:

* `id.mitre.org`: Current MITRE employees
* `cacproxy.mitre.org`: CAC holders
* `partnerid.mitre.org`: Invited non-MITRE users provisioned with a username and password at MITRE

### Lists

Lists are maintained on a per-IdP-instance basis. A client may appear on multiple lists across different IdP instances.

#### Whitelist

A list of pre-authorized RPs and the conditions under which users will not be prompted (such as a list of pre-approved scopes).

#### Blacklist

A list of forbidden RPs that authorized users MUST NOT log in to and will be prevented from doing so by the IdP. This usually takes the form of a set of redirect URIs that are not allowed to be registered.

#### Graylist

A list of RPs authorized by end users during runtime security decisions. Any client that is on neither the whitelist nor the blacklist is automatically placed on the graylist, and the end user is prompted with an authorization screen. These decisions MUST track the initial login time and the latest access time. The IdP SHOULD log all authorizations and accesses into an event log.

### Static Clients

Clients that are registered with the IdP by an authorized system administrator. These clients may be whitelisted by a system administrator but are graylisted by default. Static clients can be registered with advanced access controls not available to dynamic clients.

### Dynamic Clients

Clients that are registered programmatically (using a Dynamic Registration protocol) or through a self-service portal, but not by a system administrator. These clients are almost always graylisted and only rarely whitelisted.
Dynamic clients have access to a limited set of identity services compared to statically registered clients.

## MITRE as RP

This section defines the components as they come into play when MITRE is the RP.

### Lists

Lists are maintained on a per-RP basis.

#### Whitelist

A list of pre-authorized (and trusted) IdPs. Usually the RP will be statically registered with one of these IdPs and may itself be whitelisted at the IdP, but neither is a necessary condition. The RP will present the user with a list of authorized IdPs from which to choose, or will automatically direct the user to the appropriate IdP.

#### Blacklist

A list of forbidden IdPs that are explicitly not trusted to provide identity. All users coming from a blacklisted IdP will be blocked by the RP from logging in.

#### Graylist

A list of IdPs that end users have provided to the RP for login purposes over time. The RP will usually present the user with an input field and use a discovery protocol such as WebFinger to allow the user to specify an arbitrary IdP.

### Static Registration

The RP has been (or must be) registered by an authorized system administrator at the IdP. This requires some form of out-of-band communication.

### Dynamic Registration

The RP is registered programmatically or through some kind of self-service portal.

--------------------------------------------------------------------------------
/Scenarios/Air Force Portfolio Knowledge Management Capability.md:
--------------------------------------------------------------------------------
# Air Force Portfolio Knowledge Management Capability

## Description
The capability is a repository of work products (not necessarily approved for public release) created by MITRE under our Air Force work program.
The products are accessible to MITRE and external sponsors, customers, and stakeholders.

The repository is currently piloted in MITRE Community Share Partners (a SharePoint repository accessible to MITRE and external partners). Currently, users (including MITRE users) need to be individually authorized to access the repository using the MITRE Partnership Accounts platform. Users first need to be pre-registered as valid users and then fully register for access/membership.

The primary means of vectoring Air Force stakeholders to the site is a newsletter emailed by MITRE managers. The e-newsletter (PDF) provides summaries of work products with links to the repository and the email addresses of authors. When a user clicks a link in the newsletter, their browser directs them to the repository login/registration page.

There is a desire for registration to be opened (without invitation) to .mil and .gov domains and CAC card holders. Membership approval would still be driven by a list of pre-authorized users.

## Roles

- **Current identity provider:** MITRE provides user name
- **Potential: OpenID Connect**
- **RP:** MITRE Community Share Partners website
- **IdP:**
    - MITRE OpenID for MITRE employees
    - CAC for government holders
- **Content Publisher:** MITRE information repository manager provides quality assurance review prior to publishing on the site
- **Inviter:** MITRE
- **Invitee:** Air Force stakeholders and MITRE users

## Interactions

- MITRE repository manager pre-registers valid usernames (email addresses)
- MITRE portfolio directors and other leaders email newsletters with links to the repository to Air Force stakeholders
- Air Force stakeholders register/log in as needed

## Data
- Username and password
- Other profile information entered by users from the MITRE Partnership Accounts platform
- Potentially, when government is IdP: basic identity information released to MITRE

## Lists (if ID is federated)

- MITRE as IdP
    - MITRE RP SharePoint repository is whitelisted: MITRE users don't need to expressly log in
- Government as IdP: CAC card
    - MITRE RP repository is graylisted
- MITRE repository as RP
    - OpenID is whitelisted
    - CACs are whitelisted

## Systems

- Currently "as is"
    - MITRE Community Share Partners: [Air Force Portfolio Vectors](https://partners.mitre.org/sites/afpa/default.aspx) site
    - [MITRE Partnership Accounts](https://partnership.mitre.org/MCAP/login.jsp): Invited non-MITRE users provisioned with a username and password at MITRE.
- Additionally, "could be" if ID is federated
    - [MITRE OpenID Connect](https://id.mitre.org/)
    - Government CAC

## Business Touchpoints
- MITRE nominates content for publication in the SharePoint collection and the MITRE collection manager approves and uploads it
- MITRE portfolio managers and other MITRE leaders invite external stakeholders to be members of the SharePoint collection
- External stakeholders interact with MPA and the SharePoint collection
- Potential future information sources for the collection: Quality Work Flow and CNS Technical Product Library

## Legal Touchpoints
- MITRE Community Share Partners Terms of Service
- MITRE Partnership Accounts Terms of Service
- Potential future touchpoint: MITRE OpenID Connect Terms of Service

## Identity-Related Value Proposition
- Ease of login for stakeholders

## Risks and Mitigations

- **R1:** Unknown external stakeholders will have access to non-public MITRE information
- **M1:** Users will be individually invited and pre-authorized as valid users

## Challenges
- Maintaining the list of pre-approved government users

--------------------------------------------------------------------------------
/Scenarios/Example-Scenario-Format.md:
--------------------------------------------------------------------------------
The following scenario template format is being used by the MIT Big Data Privacy Work Group. It represents the approach of identifying the people (their roles/relationships), the interactions among the people, the data in play and the relevant systems (business, legal and technical systems as relevant).

-----

# Privacy Impact Assessment Template
Daniel "Dazza" Greenwood, MIT, & Simon Thompson, BT.
MIT Big Data Privacy Working Group, Feb 25, 2014

# Elements of Privacy Impact Assessment:

# 1. Components of scenario

* Actors? (i.e.: Who are the parties, their respective roles and relationships? Who is the data owner? Who is using the data? Who are the data subjects?)

* Interactions? (i.e.: What transactions or other exchanges take place between Actors?)

* Data (i.e.: What kind of personal data? What types of big data models, analytics or other outputs result from this scenario? What is the Data Lifecycle? What constraints apply, e.g. retention, liability for breach, and accuracy?)

* Systems? (i.e.: What business, legal, technical or social systems matter most?)
    * Business Systems (Ethics committees, sign-off by authorized officers, record keeping, audit)
    * Legal Systems (Contracts, employee rules/procedures, certification/accreditations, compliance reviews, insurance/bonding requirements, industry standard policy/guidelines, etc.)
    * Technical Systems (System permissions and security, alarms & automated detection of PAI, automatic anonymization of data, cryptography, etc.)

* Also, consider asking what the "Social Systems" are (What social systems and context exist?)

# 2. Analysis of scenario

* Goals (i.e.: What are the incentives and the benefits driving the Actors? Who benefits? What are the financial incentives?)

* Rules (i.e.: What are the relevant laws and regulations, and other enforceable rules?)

* Risks: What are the risks? To whom? If the risk is an externality, how might it be mitigated?

# 3. Assessment of scenario

Existing or related best practices for the context of this scenario
What business, legal and/or technical best practices apply

# 4. Gap

Issues not addressed by existing practices and solutions
Shortfall between current and needed practices and solutions

# Instructions

Use the elements (context, practice and gap) in the privacy impact assessment above to create a structured assessment of the scenario you are working on. The objective is to produce something analogous to an abstract for a conference paper or the executive summary for a board paper. Check that each section of the assessment of a scenario has attempted to address each of the questions or examples in the sub-bullets of the elements.

# Example PIA of Scenario

* Worked Example:

We have chosen one of the scenarios to use as a worked example; however, the output that we have created is just a strawman to illustrate how to use the impact assessment and is not intended as the end-product impact assessment to be delivered by the scenario sub-team to the working group.

Scenario #2: Research Infrastructure for Social Media

Social media represents rich grounds for researchers to obtain valuable ethnographic, epidemiological, and sociological data in order to study a wide variety of social phenomena. However, it is obvious that use of such data can infringe on user privacy, and must therefore be conducted with care. Aside from the initial use of the data, there are also questions about expectations for the life cycle and retention of the data.

# 1. Context of Research Infrastructure for Social Media Scenario

* Abstract:

Study Participants are the subjects of the data and have provided informed consent for the data to be transmitted by the Social Media Provider to the Researcher for the purposes of a research study. Researchers receive data from Social Media Providers by permission of Subjects. The Researchers become data controllers of the copy of the data as of the time they receive it. The Social Media Providers remain data controllers for the data set that they continue to maintain.

More Detailed Narrative:

The incentive for the Study Participants and Social Media Providers is to act for the public good. The risk for the Study Participants is that they will be exposed to a breach of privacy. The Researchers may be acting for the public good or they may be acting to develop their careers.

The data exchanged may contain all aspects of personally identifying data, including race, sexual and gender choice and political views. The data copy may be disposed of by the Researchers after the study or may be retained in a corpus for further study. The data copy must be held securely and the Researchers are liable for a breach. However, the Social Media Provider may be liable if they have not assured that the Researchers are acting properly, and they also risk collateral damage in the case of a breach even if the proper processes have been followed. A variety of technology and systems will be used to store and transmit the data, including internet links and various databases. The data must be held according to the various Data Protection regulations in the territory that the data has been exported to (provided that the export is legal).

# 1. Identify Components of the Scenario:

Actors? (i.e.: Who are the parties, their respective roles and relationships? Who is the data owner? Who is using the data? Who are the data subjects?)

Interactions? (e.g.: What transactions or other exchanges take place between Actors?)

Data? (i.e.: What kind of personal data? What is the Data lifecycle? What constraints apply, e.g. retention, liability for breach, and accuracy?)

Systems? (i.e.: What systems are in play? What services, apps, and other systems are being used by the Actors?)

# 2. Analyze the Scenario

Goals? (i.e.: What are the incentives and the benefits driving the Actors? Who benefits? What are the financial incentives?)

Risks? (i.e.: What are the risks? To whom? If the risk is an externality, how might it be mitigated?)

Rules? (i.e.: What are the relevant laws and regulations, and other enforceable rules?)

Time? (i.e.: Is this scenario describing a situation that in reality happens now, or is this a prediction of how things may be in 1 year, 3 years, etc.?)

# 3. Existing or related best practices for context of this scenario

Typically an ethics committee would be required to give approval for work of this kind, and an appropriate risk assessment undertaken to validate the arrangements that have been put in place to manage data security and disclosure.

In the UK, organizations like the UK Data Archive can be consulted to manage the privacy processes and the publication of results without breaching privacy.

# 4. Gap

The management of access to data and the risks associated with publication present an impediment to the use of social media data. Gathering informed consent from social media users is particularly problematic. To enable research of this kind we need to streamline these processes and provide automatic verification of the safety of disclosures.

__________________

Notes on scenario and relevant resources

This example is based on a study that is currently happening at the Technical University of Denmark in collaboration with the MIT Human Dynamics Lab. However, references to potential downstream sharing arrangements by Participants and Researchers represent prospective future-phase research and assume a future state of perhaps 1 - 3 years hence.

Relevant Resources (related to applicable rules):

* When Facebook has the data, these terms apply:

Platform Policy (applies via the Researcher's registered "Client" App/Service)
https://developers.facebook.com/policy
(see especially: https://developers.facebook.com/policy#data and https://developers.facebook.com/policy#definitions)

Statement of Rights and Responsibilities
https://www.facebook.com/legal/terms

Data Use Policy
https://www.facebook.com/about/privacy

Facebook Community Standards
https://www.facebook.com/communitystandards

Facebook Principles [Note/Query: Does this constitute an enforceable source of rules?]
https://www.facebook.com/principles.php

* When the Researchers Receive the Data

SensibleDTU Example Computational Social Science Research Study
https://www.sensible.dtu.dk/?page_id=89

* When the Participants Share Downstream Via Personal Data Services

Placeholder 1: MIT Human Dynamics Lab Model Personal Data System Rules
https://github.com/HumanDynamics/SystemRules/blob/master/Model_Personal_Data_System_Rules.md

Placeholder 2: Draft Data Rights Services Agreement
https://github.com/HumanDynamics/LegalAgreements/blob/master/DataRightsServicesAgreement.md

--------------------------------------------------------------------------------
/Scenarios/Journal-of-Social-Media-for-Organizations (External Host).md:
--------------------------------------------------------------------------------
# Scenario:
[Journal of Social Media for Organizations](http://www2.mitre.org/public/jsmo/)

## Classification:

MITRE-facilitated RP (possibly on a remote host)

MITRE as IdP (for MITRE people), other third-party IdPs (for other people)

## Description:
The Journal of Social Media for Organizations (JSMO) is a peer-reviewed electronic journal published by MITRE. The journal is openly available on a public web server (possibly run by MITRE, possibly run by a third party). There is a desire for public comments and discussion threads on the articles published, with participants from the general public.

The desire is to allow anyone to comment but to cut down on spam and to have a chance of tracing back individual commenters for follow-up.

Identity proofing of commenters is not required; pseudonymity is acceptable.

## People:
* Role: Publisher
    * Parties: MITRE via Jill Drury, Others?
* Role: Readers/Commenters
    * Parties: MITRE Employees, MITRE partners, Identified Public
* Role: Identity Providers (IdP)
    * Parties: MITRE (for MITRE employees and partners), Third party TBD: Google? MIT?

## Interactions:
* Commenters use Social Login to access the MITRE Online Journal for Comments
    - Commenters Authorize the MITRE Online Journal (OpenID Connect Client) to their IdP for Login
    - Commenters Revoke Authorization for the MITRE Online Journal to their IdP for Login

* Relationships between Roles
    - Journal as User Authority for accounts and MITRE IdP
    - Other

## Data:
* IdP PII Released to MITRE: ("Basic User Info", Name/Email for Google, etc.)
* Other? (Business Reporting? Log Data?)

## Lists:

Whitelist at JSMO RP includes these aspects:

* Simplified login via NASCAR button

Graylist at JSMO RP facilitated by WebFinger-style login (user enters an email address)

### List contents:

* MITRE IdP to be whitelisted by JSMO RP
* Some third-party IdPs (Google? MIT?) potentially to be whitelisted by JSMO RP
* All other OpenID Connect IdPs to be graylisted by JSMO RP

* JSMO RP to be whitelisted by MITRE IdP
* JSMO RP to be graylisted by third-party IdPs

# Systems:
## Technology Systems:
* Hosting platform with CMS capability
* [Journal of Social Media for Organizations (JSMO)](http://www2.mitre.org/public/jsmo/)
* [MITREid](https://id.mitre.org/about)
* Third Party IdPs
* Other?

## Business Systems:
* MITRE Publishing Unit (Collaboration Center of Excellence?)
* Other?

## Legal Systems:
* MITRE Partnership Network
* MITRE Boilerplate Overlay? (e.g. Terms and Conditions, Privacy Policy, EULA?)
* Other?

## Motivations:
* Business Drivers:
    * Enable/increase comments
    * Reduce barriers to comments
    * Allow for longer-term collaboration and conversation between commenters and authors
* Business Inhibitors:
    * Security considerations of allowing remote login to MITRE's www site
    * Ability to enable social login on one section of the site without affecting other sections
* Goals:
    * TBD

--------------------------------------------------------------------------------
/Scenarios/Journal-of-Social-Media-for-Organizations.md:
--------------------------------------------------------------------------------
# Scenario:
[Journal of Social Media for Organizations](http://www2.mitre.org/public/jsmo/)

## Classification:

MITRE-hosted RP

MITRE as IdP (for MITRE people), other third-party IdPs (for other people)

## Description:
The Journal of Social Media for Organizations (JSMO) is a peer-reviewed electronic journal published by MITRE. The journal is openly available on a public web server (possibly run by MITRE, possibly run by a third party). There is a desire for public comments and discussion threads on the articles published, with participants from the general public.

The desire is to allow anyone to comment but to cut down on spam and to have a chance of tracing back individual commenters for follow-up.

Identity proofing of commenters is not required; pseudonymity is acceptable.

## People:
* Role: Publisher
    * Parties: MITRE via Jill Drury, Others?
* Role: Readers/Commenters
    * Parties: MITRE Employees, MITRE partners, Identified Public
* Role: Identity Providers (IdP)
    * Parties: MITRE (for MITRE employees and partners), Third party TBD: Google? MIT?

## Interactions:
* Commenters use Social Login to access the MITRE Online Journal for Comments
    - Commenters Authorize the MITRE Online Journal (OpenID Connect Client) to their IdP for Login
    - Commenters Revoke Authorization for the MITRE Online Journal to their IdP for Login

* Relationships between Roles
    - Journal as User Authority for accounts and MITRE IdP
    - Other

## Data:
* IdP PII Released to MITRE: ("Basic User Info", Name/Email for Google, etc.)
* Other? (Business Reporting? Log Data?)

## Lists:

Whitelist at JSMO RP includes these aspects:

* Simplified login via NASCAR button

Graylist at JSMO RP facilitated by WebFinger-style login (user enters an email address)

### List contents:

* MITRE IdP to be whitelisted by JSMO RP
* Some third-party IdPs (Google? MIT?) potentially to be whitelisted by JSMO RP
* All other OpenID Connect IdPs to be graylisted by JSMO RP

* JSMO RP to be whitelisted by MITRE IdP
* JSMO RP to be graylisted by third-party IdPs

# Systems:
## Technology Systems:
* [MITRE Web Site Platform](http://www.mitre.org/)
* [Journal of Social Media for Organizations (JSMO)](http://www2.mitre.org/public/jsmo/)
* [MITREid](https://id.mitre.org/about)
* Third Party IdPs
* Other?

## Business Systems:
* MITRE Publishing Unit (Collaboration Center of Excellence?)
* Other?

## Legal Systems:
* MITRE Partnership Network
* MITRE Boilerplate Overlay? (e.g. Terms and Conditions, Privacy Policy, EULA?)
* Other?

## Motivations:
* Business Drivers:
    * Enable/increase comments
    * Reduce barriers to comments
* Business Inhibitors:
    * Security considerations of allowing remote login to MITRE's www site
    * Ability to enable social login on one section of the site without affecting other sections
* Goals:
    * TBD

--------------------------------------------------------------------------------
/Scenarios/MIT-Login-to-Handshake.md:
--------------------------------------------------------------------------------
# Scenario:
MIT login to Handshake

## Classification:

MITRE as RP, MIT as IdP

## Description:
The Handshake site allows MITRE users to invite non-MITRE users to participate on the Handshake site. The goal is to allow MIT-affiliated users to log in with the [MIT IdP](https://oidc.mit.edu/) directly instead of requiring an account through MITRE Partnership Accounts (MPA). MIT-affiliated users would still need to be invited by a MITRE user; they just wouldn't have a MITRE username/password anymore.
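
The whitelist/blacklist/graylist evaluation from Modules.md (IdP side: clients keyed by redirect URI, with the graylist tracking initial login and latest access and every decision logged; RP side: IdPs keyed by issuer) combined with the invitation-only rule described above for Handshake, as an added example that is not code from the trust-framework repository or from Handshake. All URIs, scopes, email addresses and the domain-to-issuer table are constructed for the example.

```python
"""Whitelist / blacklist / graylist evaluation as described in Modules.md.
IdP side: the subject is an RP (client) keyed by redirect URI; blacklisted URI
patterns are refused, whitelisted clients skip the prompt for pre-approved
scopes, anything else is graylisted and the end user is prompted. RP side: the
subject is an IdP keyed by issuer URL, found from the user's email domain as a
stand-in for WebFinger discovery. All identifiers are constructed examples."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from fnmatch import fnmatch
from typing import Dict, List, Optional, Set


@dataclass
class GrayEntry:
    initial_login: datetime   # MUST be tracked per Modules.md
    latest_access: datetime

@dataclass
class Decision:
    list_name: str     # "blacklist" | "whitelist" | "graylist"
    allowed: bool      # False only for the blacklist
    prompt_user: bool  # end user must make a runtime authorization decision
    reason: str

@dataclass
class ListPolicy:
    whitelist: Dict[str, Set[str]] = field(default_factory=dict)  # subject -> pre-approved scopes
    blacklist: List[str] = field(default_factory=list)            # glob patterns (e.g. redirect URIs)
    graylist: Dict[str, GrayEntry] = field(default_factory=dict)  # subjects the end user authorized
    event_log: List[dict] = field(default_factory=list)           # SHOULD log authorizations and accesses

    def _record(self, subject: str, d: Decision, now: datetime) -> Decision:
        self.event_log.append({"time": now.isoformat(), "subject": subject,
                               "list": d.list_name, "allowed": d.allowed, "reason": d.reason})
        return d

    def evaluate(self, subject: str, scopes: Set[str] = frozenset(),
                 now: Optional[datetime] = None) -> Decision:
        now = now or datetime.now(timezone.utc)
        # Explicit denial first: neither a whitelist entry nor an earlier graylist authorization overrides it.
        for pattern in self.blacklist:
            if fnmatch(subject, pattern):
                return self._record(subject, Decision(
                    "blacklist", False, False, f"matches forbidden pattern {pattern}"), now)
        if subject in self.whitelist:
            # The prompt is suppressed only for pre-approved scopes; anything beyond them is the user's call.
            extra = set(scopes) - self.whitelist[subject]
            reason = "pre-authorized" if not extra else f"not pre-approved: {sorted(extra)}"
            return self._record(subject, Decision("whitelist", True, bool(extra), reason), now)
        entry = self.graylist.get(subject)
        if entry is None:  # on neither list: graylisted by default, the end user decides
            return self._record(subject, Decision(
                "graylist", True, True, "not yet authorized by end user"), now)
        entry.latest_access = now  # returning subject the end user already authorized
        return self._record(subject, Decision(
            "graylist", True, False, f"authorized since {entry.initial_login.isoformat()}"), now)

    def authorize(self, subject: str, now: Optional[datetime] = None) -> Decision:
        # Record the end user's runtime decision to trust a graylisted subject.
        now = now or datetime.now(timezone.utc)
        self.graylist.setdefault(subject, GrayEntry(now, now)).latest_access = now
        return self._record(subject, Decision("graylist", True, False, "end user authorized"), now)


# Constructed domain -> issuer table standing in for WebFinger-style discovery.
KNOWN_ISSUERS = {"mit.edu": "https://idp.example.edu/", "mitre.org": "https://idp.example.org/"}

def rp_login_allowed(policy: ListPolicy, email: str, invited: Set[str]) -> bool:
    # Invitation-gated RP: the user's IdP must pass the list policy AND the address
    # must hold a standing invitation (no invitation, no login).
    issuer = KNOWN_ISSUERS.get(email.rpartition("@")[2].lower())
    if issuer is None:
        return False  # unknown domain: no IdP to send the user to
    return policy.evaluate(issuer).allowed and email.lower() in {e.lower() for e in invited}

def demo() -> dict:
    """Run both sides on constructed data and return the observable results."""
    t0 = datetime(2014, 9, 30, 12, 0, tzinfo=timezone.utc)
    t1 = datetime(2014, 10, 1, 9, 0, tzinfo=timezone.utc)
    idp = ListPolicy(whitelist={"https://rp.example.org/cb": {"openid", "email"}},
                     blacklist=["http://*"])  # plain-http redirect URIs may not be registered
    new_client = "https://newapp.example.net/cb"
    out = {
        "http_redirect": idp.evaluate("http://rp.example.org/cb", {"openid"}, t0).list_name,
        "whitelisted_prompt": idp.evaluate("https://rp.example.org/cb", {"openid"}, t0).prompt_user,
        "extra_scope_prompt": idp.evaluate("https://rp.example.org/cb", {"openid", "profile"}, t0).prompt_user,
        "first_seen_prompt": idp.evaluate(new_client, {"openid"}, t0).prompt_user,
    }
    idp.authorize(new_client, t0)
    out["return_prompt"] = idp.evaluate(new_client, {"openid"}, t1).prompt_user
    entry = idp.graylist[new_client]
    out["tracked"] = (entry.initial_login, entry.latest_access) == (t0, t1)
    out["events"] = len(idp.event_log)
    rp = ListPolicy(whitelist={"https://idp.example.edu/": set()})
    out["invited_login"] = rp_login_allowed(rp, "Alice@mit.edu", {"alice@mit.edu"})
    out["uninvited_login"] = rp_login_allowed(rp, "bob@mit.edu", {"alice@mit.edu"})
    out["unknown_domain"] = rp_login_allowed(rp, "alice@example.com", {"alice@example.com"})
    return out
```

Call `demo()` to run both sides on the constructed data; the returned dict shows which cases prompt, which are refused, and the tracked timestamps.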
10 | 11 | ## People: 12 | * Role: Inviter 13 | * Parties: MITRE users 14 | * Role: Invitee 15 | * Parties: MIT affiliated user 16 | * Role: Identity Providers (IdP) 17 | * Parties: MIT IdP 18 | 19 | User Authority: MITRE employees invite particular email addresses, MIT binds that address to a particular credential account. 20 | 21 | ## Interactions: 22 | * Inviter invites invitee 23 | * MITRE user invites external participant by entering email address in Handshake form. Handshake recognizes `@mit.edu` email address and sends custom invitation form. 24 | 25 | ## Data: 26 | * IdP PII Released to MITRE: ("Basic User Info", Name/Email for Google, etc ...) 27 | * Other? (Business Reporting? Log Data?) 28 | 29 | ## Lists: 30 | 31 | 32 | ###List contents: 33 | 34 | * MIT IdP whitelisted by Handshake RP (logins limited to invited users only -- no standing invitation, no login) 35 | * Handshake RP graylisted at MIT IdP 36 | 37 | # Systems: 38 | ## Technology Systems: 39 | * [Handshake](http://handshake.mitre.org/) 40 | * [MIT OpenID Connect IdP](https://oidc.mit.edu/) 41 | * Other? 42 | 43 | ## Business Systems: 44 | * Handshake 45 | * MITRE Partnership Network 46 | * Other? 47 | 48 | ## Legal Systems: 49 | * MITRE Partnership Network 50 | * Handshake terms of service 51 | * Other? 52 | 53 | ##Motivations: 54 | * Business Drivers: 55 | * Ease login and invitation for a class of external partners 56 | * Business Inhibitors: 57 | * Security considerations of allowing non-MITRE IdP access to Handshake 58 | * Ability of Handshake to classify all users coming from MIT 59 | * Goals: 60 | * TBD -------------------------------------------------------------------------------- /TrustFrameworkCommentary.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | This is a placeholder for Trust Framework corresponding commentary, including "parking lot" items for review potentially as part of commentary. 
4 | 5 | 6 | ----- 7 | Parking Lot: 8 | 9 | # Order of Precedence 10 | 11 | **Example from DoD** 12 | The following was circulated a few minutes ago on an IDESG/NSTIC list, illustrating the DoD order of precedence as it relates to legal and technical standards based rules: 13 | 14 | From: jerrylsmit@aol.com [mailto:jerrylsmit@aol.com] 15 | Sent: Thursday, February 13, 2014 10:20 AM 16 | To: Tilton, Cathy; gerald.l.smith180.civ@mail.mil 17 | Subject: Re: [Standards_sc] Agenda for the 13 February SCC meeting 18 | 19 | Good morning Cathy! 20 | 21 | I tried dialing in but the teleconferenc is proably cancelled due to the snow today ... if not, please send me an email right away. Thanks! 22 | 23 | Regarding today's topic, here is what DoD has adopted in our IT Standards Policy regarding standards selection: 24 | 25 | 26 | "The IT Program strategy is to use accredited open standards from authoritative sources in accordance with DoD policy and preferences. The DoD prefers that its requirements are satisfied within open consensus-based public and private sector standards currently available or under development. Being available from a reputable and authoritative source means that the responsible SDO/SSO must have an established position within the relevant technical, professional, and marketplace communities as an objective authority in its sphere of activity. This also implies that the standards developed by the organization are widely accepted and have been successfully implemented in the marketplace. The “open” requirement for IT standards is not simply a desired characteristic – it is based in practical legal and cost considerations. Standards must be publicly available and free from patents, copyrights, intellectual property right constraints, and be royalty free." 27 | 28 | We have a table that lists order of precedence: 29 | 30 | "a. Selection of IT Standards 31 | (1) IT standards will be considered for adoption using the priority order identified in the Table. 

Table. DoD Standards Consideration Priorities

| Priority | Source | Example |
|---|---|---|
| 1 | Federal Regulation or Law | US Code, OMB Circular |
| 2 | Internationally Accredited and Treaty Based | International Standards Organization (ISO), International Electrotechnical Commission (IEC), United Nations/Economic Commission for Europe (UN/ECE), International Telecommunication Union (ITU), International Standardization Agreement |
| 3 | National | American National Standards Institute (ANSI) |
| 4 | Professional Society, Technology Consortia, Industry Association | Institute of Electrical and Electronics Engineers, Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), Organization for the Advancement of Structured Information Standards (OASIS), Object Management Group |
| 5 | Federal | Federal Information Processing Standard |
| 6 | Military | MIL-STD, standardization agreement |

(2) These attributes and characteristics as defined in the SOP will be considered by the JESC when selecting standards for inclusion in the DISR.

(a) Utility: Primary features and functions of this standard meet DoD requirements.

(b) Interoperability: Standard meets requirements to connect, access, and share applications and services.

(c) Technical Maturity: Standard is established, stable, and has well-established marketplace support.

(d) Implementability: Standard is used in applications within the federal or private sector.

(e) Security: Standard that does not introduce unacceptable information risks to the environment.
Security is a condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. 93 | 94 | (f) Applicability: Standard is relevant and meets the needs of programs to include potential risks, impacts on cost, schedule, performance, and security. 95 | 96 | (g) Intellectual Property Rights: Standard is publicly available and is not subjected to intellectual property rights claims such as patents, royalties, or overly burdensome copyright provisions. 97 | 98 | (h) Public Availability: Standard is publicly accessible for unrestricted use." 99 | 100 | 101 | - - - - - - - - - - - 102 | 103 | R, 104 | 105 | Jerry 106 | 107 | 108 | 109 | # Commentary on "How to Apply this Trust Framework" 110 | 111 | **Consider including a section with tutorial and sample scenarios demonstrating how to apply the provisions and rules in common, key or irregular situations.** 112 | 113 | Potentially include business workflow and process application examples, legal addenda or amendments to harmonize terms and technical updates or migration guidance to interoperate. 114 | -------------------------------------------------------------------------------- /dtf-webapp/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2014 The MITRE Corporation 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /dtf-webapp/card.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id":1, 4 | "title":"Trust Framework Rules Envelope", 5 | "businessTxt":"This card indicates the \"party\" and the location of the \"Trust Framework System Rules\". In theory any cards could be created in any order, but as a matter of conceptual and policy coherence, this card reflects an initialization steps providing a legal and business basis upon which selection, configuration and publishing the the other cards and corresponding rules, systems, services and transactions. Based on: https://github.com/mitreid-connect/trust-framework/blob/master/TrustFramework.md", 6 | "legalTxt":"These rules apply to the issuance, use, acceptance of or reliance on Derived Federated Credentials within the MITRE External Identity Federation. Neither this Trust Framework, nor any course between the Parties hereunder, shall constitute or create a partnership, joint venture, principal-agent relationship or employer-employee relationship between the Parties.", 7 | "technicalTxt":"The following use cases are supported under this Trust Framework: [TBD] [Commentary: For so long as MITREid is an early-stage research prototype, it is premature to focus on detailed documentation of supported use cases. However, this draft Trust Framework anticipates a future state at which external and internal parties will seek to implement and interoperate with MITRE External Identity Federation services and the important role of this document to facilitate and regulate adoption. To that end, the types of technical use cases that would be relevant and constructive to detail in the future are noted below. 
MITREid User Logs Into Grey Listed Relying Party MITREid User Logs Into White Listed Relying Party MITREid User Logs Into Black Listed Relying Party Non-MITRE User Logs Into MITRE External Identity Federation Enabled Site Non-MITRE CAC User Logs Into MITRE External Identity Federation Enabled Site MITRE Relying Party Site Implements MITRE External Identity Federation Access Non-MITRE Identity Provider Added to MITRE External Identity Federation White List Non-MITRE Relying Party Site Accepts MITREid User Login]", 8 | "dependencies":[ 9 | { 10 | "id":10, 11 | "description":"Scope", 12 | "tags":[ 13 | { 14 | "id":13, 15 | "name":"Scope" 16 | } 17 | ] 18 | }, 19 | { 20 | "id":11, 21 | "description":"Liability", 22 | "tags":[ 23 | { 24 | "id":9, 25 | "name":"Liability" 26 | } 27 | ] 28 | }, 29 | { 30 | "id":12, 31 | "description":"Roles", 32 | "tags":[ 33 | { 34 | "id":12, 35 | "name":"Roles" 36 | } 37 | ] 38 | }, 39 | { 40 | "id":14, 41 | "description":"Certification", 42 | "tags":[ 43 | { 44 | "id":10, 45 | "name":"Certification" 46 | } 47 | ] 48 | }, 49 | { 50 | "id":17, 51 | "description":"White List", 52 | "tags":[ 53 | { 54 | "id":16, 55 | "name":"WhiteList" 56 | } 57 | ] 58 | }, 59 | { 60 | "id":18, 61 | "description":"Grey List", 62 | "tags":[ 63 | { 64 | "id":18, 65 | "name":"GreyList" 66 | } 67 | ] 68 | }, 69 | { 70 | "id":19, 71 | "description":"Black List", 72 | "tags":[ 73 | { 74 | "id":17, 75 | "name":"BlackList" 76 | } 77 | ] 78 | }, 79 | { 80 | "id":20, 81 | "description":"Service Level Agreement", 82 | "tags":[ 83 | { 84 | "id":19, 85 | "name":"SLA" 86 | } 87 | ] 88 | }, 89 | { 90 | "id":21, 91 | "description":"Record Keeping and Reporting", 92 | "tags":[ 93 | { 94 | "id":21, 95 | "name":"Audit" 96 | }, 97 | { 98 | "id":20, 99 | "name":"Logging" 100 | } 101 | ] 102 | } 103 | ], 104 | "providesTags":[ 105 | { 106 | "id":8, 107 | "name":"IdentityTrustFramework" 108 | } 109 | ] 110 | }, 111 | { 112 | "id":2, 113 | "title":"Scope", 114 | 
"businessTxt":"This Trust Framework applies to the use by MITRE personnel of OpenID 2.0 and OpenID Connect, collectively called MITREid. This Trust Framework also applies to all non-MITRE users who connect to MITRE systems using the MITRE External Identity Federation.", 115 | "legalTxt":"The authoritative current version of the Trust Framework System Rules can be found at www.mitre.org/trustframework [note actual URL to be determined]. These Rules, including all documents explicitly Incorporated by Reference, provide standard default terms for use of the External Identity Federation, but in the event of a conflict between the terms of an existing contract between parties governing the terms of access to relevant applications or services, then the terms of the existing contract shall govern. When the text of these Rules explicitly refers to a \\u201cdocument Incorporated by Reference\\u201d and includes a URL to the authoritative version of that document, then the content of that document shall have the same force and effect as if directly published within these Rules.", 116 | "technicalTxt":"reserved.", 117 | "dependencies":[ 118 | 119 | ], 120 | "providesTags":[ 121 | { 122 | "id":13, 123 | "name":"Scope" 124 | } 125 | ] 126 | }, 127 | { 128 | "id":3, 129 | "title":"Roles", 130 | "businessTxt":"The following Roles exist within this system.", 131 | "legalTxt":"The following Roles exist within this system.", 132 | "technicalTxt":"The following Roles exist within this system.", 133 | "dependencies":[ 134 | { 135 | "id":5, 136 | "description":"Policy Authority", 137 | "tags":[ 138 | { 139 | "id":1, 140 | "name":"PolicyAuthorityParty" 141 | } 142 | ] 143 | }, 144 | { 145 | "id":6, 146 | "description":"Relying Party", 147 | "tags":[ 148 | { 149 | "id":6, 150 | "name":"RelyingParty" 151 | } 152 | ] 153 | }, 154 | { 155 | "id":15, 156 | "description":"Identity Provider", 157 | "tags":[ 158 | { 159 | "id":14, 160 | "name":"IdentityProvider" 161 | } 162 | ] 163 | }, 164 | { 
165 | "id":16, 166 | "description":"User Authority", 167 | "tags":[ 168 | { 169 | "id":15, 170 | "name":"UserAuthority" 171 | } 172 | ] 173 | } 174 | ], 175 | "providesTags":[ 176 | { 177 | "id":12, 178 | "name":"Roles" 179 | } 180 | ] 181 | }, 182 | { 183 | "id":4, 184 | "title":"id.mitre.org", 185 | "businessTxt":"MITREid Connect is an implementation of OpenID Connect for use by MITRE employees. This service is available to all current MITRE employees on any site that supports the OpenID Connect protocol.", 186 | "legalTxt":"reserved", 187 | "technicalTxt":"This OpenID Connect service is built from the MITREid Connect Open Source project started by The MITRE Corporation. This is a research prototype system with best-effort availability. This service aims to be a generally-applicable reference implementation of OpenID Connect and OAuth 2 and provides a range of useful features such as signed tokens and token introspection. This server also supports Dynamic Client Registration for the standard OpenID Connect scopes of openid , address , email , profile , phone , and offline_access . Other scopes and features are available by registering a client through a systems administrator. More information about the project can be found on the MTIREid Connect page on GitHub. There, you can submit bug reports, give feedback, or even contribute code patches for additional features you'd like to see. 
For server configuration details, go to: https://id.mitre.org/connect/.well-known/openid-configuration", 188 | "dependencies":[ 189 | 190 | ], 191 | "providesTags":[ 192 | { 193 | "id":2, 194 | "name":"SystemEndpoint" 195 | }, 196 | { 197 | "id":14, 198 | "name":"IdentityProvider" 199 | } 200 | ] 201 | }, 202 | { 203 | "id":5, 204 | "title":"oidc.mit.edu", 205 | "businessTxt":"MIT, This OpenID Connect service is built from the MITREid Connect Open Source project, from The MITRE Corporation and the MIT Kerberos and Internet Trust Consortium.", 206 | "legalTxt":"Massachusetts Institute of Technology, a not-for-profit corporation located at 77 Massachusetts Ave.", 207 | "technicalTxt":"oidc.mit.edu, This OpenID Connect service is built from the MITREid Connect Open Source project, from The MITRE Corporation and the MIT Kerberos and Internet Trust Consortium. For server configuration details, go to: https://oidc.mit.edu/.well-known/openid-configuration", 208 | "dependencies":[ 209 | 210 | ], 211 | "providesTags":[ 212 | { 213 | "id":2, 214 | "name":"SystemEndpoint" 215 | }, 216 | { 217 | "id":14, 218 | "name":"IdentityProvider" 219 | } 220 | ] 221 | }, 222 | { 223 | "id":6, 224 | "title":"No Service Level Guarantee", 225 | "businessTxt":"Reasonable efforts are made to maintain service, however you may notice occasional outages or disruptions as MITREid is being continuously refined. Under this Trust Framework, support of MITRE External Identity Federation services as Identity Provider and/or Relying Party and/or otherwise may be modified or discontinued at any time and with no notice.", 226 | "legalTxt":"Reasonable efforts are made to maintain service, however you may notice occasional outages or disruptions as MITREid is being continuously refined. 
Under this Trust Framework, support of MITRE External Identity Federation services as Identity Provider and/or Relying Party and/or otherwise may be modified or discontinued at any time and with no notice.", 227 | "technicalTxt":"reserved", 228 | "dependencies":[ 229 | 230 | ], 231 | "providesTags":[ 232 | { 233 | "id":19, 234 | "name":"SLA" 235 | } 236 | ] 237 | }, 238 | { 239 | "id":7, 240 | "title":"Record Keeping & Logging", 241 | "businessTxt":"See legal and technical descriptions.", 242 | "legalTxt":"The required log files for Identity Providers and White Listed Relying Parties under Section 3.6 of this Trust Framework must be protected and maintained in accordance with reasonable commercial practices or as specified in any applicable certification or agreement. Such log files must be made available to MITRE upon request when reasonably necessary to ensure MITRE External Identity Federation system integrity or for purposes of troubleshooting MITRE system issues.", 243 | "technicalTxt":"3.6.1. Identity Provider Event Logging An Identity Provider MUST log the following events: User approves a site User logs in to an Identity Provider User uses an Identity Provider to log into a Relying Party User denies log in to a Relying Party User revokes access to a Relying Party 3.6.2. The System Operator shall maintain records of the Identity Provider log files related to MITRE Users and required under Section 3.6.1 in accordance with MITRE Records Management Procedure IM 4.3.1.1. 3.6.3. 
White Listed Relying Party Event Logging A White Listed Relying Party MUST log the following events: User selects an Identity Provider to login to a Relying Party User uses an Identity Provider to login to a Relying Party User denies the authentication transaction", 244 | "dependencies":[ 245 | 246 | ], 247 | "providesTags":[ 248 | { 249 | "id":21, 250 | "name":"Audit" 251 | }, 252 | { 253 | "id":20, 254 | "name":"Logging" 255 | } 256 | ] 257 | }, 258 | { 259 | "id":8, 260 | "title":"Liability", 261 | "businessTxt":"Reserved", 262 | "legalTxt":"THE MITRE CORPORATION MAKES NO WARRANTY, EXPRESS OR IMPLIED, AS TO THE ACCURACY, CAPABILITY, EFFICIENCY, MERCHANTABILITY, OR FUNCTIONALITY OF MITREid OR MITRE EXTERNAL IDENTITY FEDERATION OR ANY INFORMATION OR SERVICES COMPRISING OR RELATED TO MITREid OR MITRE EXTERNAL IDENTITY FEDERATION. IN NO EVENT WILL THE MITRE CORPORATION BE LIABLE FOR ANY GENERAL, CONSEQUENTIAL, INDIRECT, INCIDENTAL, EXEMPLARY, OR SPECIAL DAMAGES, EVEN IF MITRE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.", 263 | "technicalTxt":"Reserved", 264 | "dependencies":[ 265 | 266 | ], 267 | "providesTags":[ 268 | { 269 | "id":9, 270 | "name":"Liability" 271 | } 272 | ] 273 | }, 274 | { 275 | "id":9, 276 | "title":"The MITRE External Identity Federation Certification Policy", 277 | "businessTxt":"Certification is a material consideration favoring the System Operator decision on inclusion of parties to a White List, but is neither required nor sufficient.", 278 | "legalTxt":"Reserved for legal text.", 279 | "technicalTxt":"White Listed Identity Providers have their Trust Root for OpenID 2.0 or Issuer for OpenID Connect reflected in the Relying Party.", 280 | "dependencies":[ 281 | 282 | ], 283 | "providesTags":[ 284 | { 285 | "id":10, 286 | "name":"Certification" 287 | } 288 | ] 289 | }, 290 | { 291 | "id":10, 292 | "title":"Grey List Policy", 293 | "businessTxt":"Grey Listed sites include any Identity Provider or Relying Party that implements the 
standards in Section 3 and that has not been added to a White List or Black List by the System Operator. Any Grey Listed Relying Party may accept a Derived Federated Credential from any User and any User may use a Derived Federated Credential to access the site of any Grey Listed Relying Party. If an Identity Provider is Grey Listed, then the Relying Party makes the decision on a per use or other basis whether to accept and rely upon credentials issued by that Identity Provider. If a Relying Party is on a Grey List then the User makes the decision whether to authorize the use of their Derived Federated Credential to access the Relying Party site.", 294 | "legalTxt":"legal text placeholder", 295 | "technicalTxt":"No additional configuration is required for any Grey List site or service.", 296 | "dependencies":[ 297 | 298 | ], 299 | "providesTags":[ 300 | { 301 | "id":18, 302 | "name":"GreyList" 303 | } 304 | ] 305 | }, 306 | { 307 | "id":11, 308 | "title":"White List Policy", 309 | "businessTxt":"The System Operator, by approval of or delegated authority by the Policy Authority, may add a Relying Party site to the MITREid White List, thereby allowing automated authorization for MITRE Users.", 310 | "legalTxt":"reserved", 311 | "technicalTxt":"3.3.2. White Listed Identity Providers White Listed Identity Providers have their Trust Root for OpenID 2.0 or Issuer for OpenID Connect reflected in the Relying Party. 3.3.3. 
White Listed Relying Parties White Listed Relying Parties have their Trust Root for OpenID 2.0 and/or their Client ID for OpenID Connect configured in the Relying Party system.", 312 | "dependencies":[ 313 | { 314 | "id":22, 315 | "description":"Administrator of the white list", 316 | "tags":[ 317 | { 318 | "id":5, 319 | "name":"SystemOperator" 320 | } 321 | ] 322 | } 323 | ], 324 | "providesTags":[ 325 | { 326 | "id":16, 327 | "name":"WhiteList" 328 | } 329 | ] 330 | }, 331 | { 332 | "id":12, 333 | "title":"Black List Policy", 334 | "businessTxt":"The System Operator may determine whether a site is in violation of these rules or otherwise disapproved for federation, and upon such determination may add that site to the MITREid Black List, thereby preventing a MITRE User from using their Derived Federated Credential to access such site and preventing Derived Federated Credentials from Black Listed Identity Providers from being used to access MITRE Relying Party sites under this Trust Framework.", 335 | "legalTxt":"reserved", 336 | "technicalTxt":"3.3.4. Black Listed Identity Providers Black Listed Identity Providers have their Trust Root for OpenID 2.0 or Issuer for OpenID Connect configured to be denied in Relying Party system. 3.3.5. 
Black Listed Relying Parties Black Listed Relying Party\\u2019s have their Trust Root for OpenID 2.0 and their redirect URI for OpenID Connect configured to be denied in the Relying Party system.", 337 | "dependencies":[ 338 | { 339 | "id":24, 340 | "description":"Administrator of the black list", 341 | "tags":[ 342 | { 343 | "id":5, 344 | "name":"SystemOperator" 345 | } 346 | ] 347 | } 348 | ], 349 | "providesTags":[ 350 | { 351 | "id":17, 352 | "name":"BlackList" 353 | } 354 | ] 355 | } 356 | ] -------------------------------------------------------------------------------- /dtf-webapp/pom.xml: -------------------------------------------------------------------------------- 1 | 3 | 4.0.0 4 | org.mitre 5 | dynamic-trust-framework 6 | war 7 | 0.0.1-SNAPSHOT 8 | dynamic-trust-framework Maven Webapp 9 | http://maven.apache.org 10 | 11 | 12 | 1.8 13 | 4.0.6.RELEASE 14 | 2.4.1 15 | 3.1.4.RELEASE 16 | 1.1.8 17 | 1.5.10 18 | 19 | 20 | 21 | 22 | 23 | org.apache.maven.plugins 24 | maven-compiler-plugin 25 | 3.1 26 | 27 | ${java-version} 28 | ${java-version} 29 | 30 | 31 | 32 | org.apache.maven.plugins 33 | maven-war-plugin 34 | 2.4 35 | 36 | ${project.artifactId} 37 | 38 | 39 | 40 | org.apache.maven.plugins 41 | maven-dependency-plugin 42 | 2.8 43 | 44 | 45 | install 46 | install 47 | 48 | sources 49 | 50 | 51 | 52 | 53 | 54 | org.apache.maven.plugins 55 | maven-resources-plugin 56 | 2.5 57 | 58 | UTF-8 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | org.mitre 68 | openid-connect-client 69 | ${mitreid-connect-version} 70 | 71 | 72 | 73 | org.apache.httpcomponents 74 | httpclient 75 | 4.3.5 76 | 77 | 78 | 79 | 80 | javax.inject 81 | javax.inject 82 | 1 83 | 84 | 85 | 86 | 87 | junit 88 | junit 89 | 4.11 90 | test 91 | 92 | 93 | org.springframework 94 | spring-test 95 | ${org.springframework-version} 96 | test 97 | 98 | 99 | 100 | 101 | javax.servlet 102 | javax.servlet-api 103 | 3.1.0 104 | provided 105 | 106 | 107 | javax.servlet 108 | servlet-api 109 | 2.5 110 | provided 111 
| 112 | 113 | javax.servlet.jsp 114 | jsp-api 115 | 2.1 116 | provided 117 | 118 | 119 | javax.servlet 120 | jstl 121 | 1.2 122 | 123 | 124 | 125 | 126 | 127 | org.springframework.security 128 | spring-security-taglibs 129 | ${spring.security.version} 130 | 131 | 132 | org.springframework 133 | * 134 | 135 | 136 | 137 | 138 | 139 | org.springframework 140 | spring-context 141 | ${org.springframework-version} 142 | 143 | 144 | 145 | commons-logging 146 | commons-logging 147 | 148 | 149 | 150 | 151 | org.springframework 152 | spring-webmvc 153 | ${org.springframework-version} 154 | 155 | 156 | org.springframework 157 | spring-jdbc 158 | ${org.springframework-version} 159 | 160 | 161 | org.springframework 162 | spring-orm 163 | ${org.springframework-version} 164 | 165 | 166 | org.springframework 167 | spring-aop 168 | ${org.springframework-version} 169 | 170 | 171 | org.springframework 172 | spring-tx 173 | ${org.springframework-version} 174 | 175 | 176 | org.springframework 177 | spring-expression 178 | ${org.springframework-version} 179 | 180 | 181 | 182 | org.eclipse.persistence 183 | javax.persistence 184 | 2.1.0 185 | 186 | 187 | org.eclipse.persistence 188 | org.eclipse.persistence.jpa 189 | 2.5.1 190 | 191 | 192 | commons-dbcp 193 | commons-dbcp 194 | 1.4 195 | 196 | 197 | org.hsqldb 198 | hsqldb 199 | 2.2.9 200 | 201 | 202 | 203 | 204 | org.slf4j 205 | slf4j-api 206 | ${org.slf4j-version} 207 | 208 | 209 | org.slf4j 210 | jcl-over-slf4j 211 | ${org.slf4j-version} 212 | runtime 213 | 214 | 215 | org.slf4j 216 | slf4j-log4j12 217 | ${org.slf4j-version} 218 | runtime 219 | 220 | 221 | log4j 222 | log4j 223 | 1.2.15 224 | 225 | 226 | javax.mail 227 | mail 228 | 229 | 230 | javax.jms 231 | jms 232 | 233 | 234 | com.sun.jdmk 235 | jmxtools 236 | 237 | 238 | com.sun.jmx 239 | jmxri 240 | 241 | 242 | runtime 243 | 244 | 245 | 246 | 247 | com.fasterxml.jackson.core 248 | jackson-core 249 | ${com.jackson.core-version} 250 | 251 | 252 | com.fasterxml.jackson.core 253 | 
jackson-databind 254 | ${com.jackson.core-version} 255 | 256 | 257 | com.fasterxml.jackson.core 258 | jackson-annotations 259 | ${com.jackson.core-version} 260 | 261 | 262 | com.google.guava 263 | guava 264 | 16.0 265 | 266 | 267 | 268 | 269 |
-------------------------------------------------------------------------------- /dtf-webapp/screenshots/Dynamic_Trust_Framework_Webapp_-_2014-09-30_12.56.16.png: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitreid-connect/trust-framework/4cd50f1f650652634dcc32cdd027db34f08f8d2a/dtf-webapp/screenshots/Dynamic_Trust_Framework_Webapp_-_2014-09-30_12.56.16.png
-------------------------------------------------------------------------------- /dtf-webapp/screenshots/Screen Shot 2014-09-30 at 1.13.44 PM.png: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitreid-connect/trust-framework/4cd50f1f650652634dcc32cdd027db34f08f8d2a/dtf-webapp/screenshots/Screen Shot 2014-09-30 at 1.13.44 PM.png
-------------------------------------------------------------------------------- /dtf-webapp/screenshots/Screen Shot 2014-09-30 at 2.08.51 PM.png: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitreid-connect/trust-framework/4cd50f1f650652634dcc32cdd027db34f08f8d2a/dtf-webapp/screenshots/Screen Shot 2014-09-30 at 2.08.51 PM.png
-------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/model/Card.java: --------------------------------------------------------------------------------
package org.mitre.dtf.model;

import org.mitre.util.json.CardDeserializer;

import java.util.List;
import java.util.Set;

import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinTable;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToMany;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;

import com.fasterxml.jackson.annotation.JsonManagedReference;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;

@Entity
@Table(name = "Card")
@NamedQueries({
    @NamedQuery(name = "Card.findAll", query = "select c from Card c ORDER BY c.id")
})
@JsonDeserialize(using = CardDeserializer.class)
public class Card {

    private long id; // unique identifier
    private String title; // human-readable title
    private String businessTxt;
    private String legalTxt;
    private String technicalTxt;
    private List<Dependency> dependencies; // list of dependency slots
    private Set<Tag> providesTags; // set of tags this card provides

    /**
     * Default empty parameter constructor.
     */
    public Card() {
        // left blank intentionally
    }

    /**
     * @return the id
     */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id")
    public Long getId() {
        return id;
    }

    /**
     * @param id the id to set
     */
    public void setId(Long id) {
        this.id = id;
    }

    /**
     * @return the title
     */
    @Basic
    @Column(name = "title")
    public String getTitle() {
        return title;
    }

    /**
     * @param title the title to set
     */
    public void setTitle(String title) {
        this.title = title;
    }

    /**
     * @return the businessTxt
     */
    @Basic
    @Column(name = "businessTxt")
    public String getBusinessTxt() {
        return businessTxt;
    }

    /**
     * @param businessTxt the businessTxt to set
     */
    public void setBusinessTxt(String businessTxt) {
        this.businessTxt = businessTxt;
    }

    /**
     * @return the legalTxt
     */
    @Basic
    @Column(name = "legalTxt")
    public String getLegalTxt() {
        return legalTxt;
    }

    /**
     * @param legalTxt the legalTxt to set
     */
    public void setLegalTxt(String legalTxt) {
        this.legalTxt = legalTxt;
    }

    /**
     * @return the technicalTxt
     */
    @Basic
    @Column(name = "technicalTxt")
    public String getTechnicalTxt() {
        return technicalTxt;
    }

    /**
     * @param technicalTxt the technicalTxt to set
     */
    public void setTechnicalTxt(String technicalTxt) {
        this.technicalTxt = technicalTxt;
    }

    /**
     * Dependency slots owned by this card; the Dependency side holds the
     * foreign key ("card"), and removing a card removes its slots.
     *
     * @return the dependencies
     */
    @OneToMany(fetch = FetchType.EAGER, mappedBy = "card", cascade = CascadeType.ALL, orphanRemoval = true)
    @JsonManagedReference
    public List<Dependency> getDependencies() {
        return dependencies;
    }

    /**
     * @param dependencies the dependencies to set
     */
    public void setDependencies(List<Dependency> dependencies) {
        this.dependencies = dependencies;
    }

    /**
     * Tags this card provides, stored in the "Provides" join table.
     *
     * @return the providesTags
     */
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "Provides",
            joinColumns = @JoinColumn(name = "cardId", referencedColumnName = "id"),
            inverseJoinColumns = @JoinColumn(name = "tagId", referencedColumnName = "id"))
    public Set<Tag> getProvidesTags() {
        return providesTags;
    }

    /**
     * @param tags the providesTags to set
     */
    public void setProvidesTags(Set<Tag> tags) {
        this.providesTags = tags;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#hashCode()
     */
    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;
        result = prime * result
                + ((businessTxt == null) ? 0 : businessTxt.hashCode());
        result = prime * result
                + ((dependencies == null) ? 0 : dependencies.hashCode());
        result = prime * result + (int) (id ^ (id >>> 32));
        result = prime * result
                + ((legalTxt == null) ? 0 : legalTxt.hashCode());
        result = prime * result
                + ((providesTags == null) ? 0 : providesTags.hashCode());
        result = prime * result
                + ((technicalTxt == null) ? 0 : technicalTxt.hashCode());
        result = prime * result + ((title == null) ? 0 : title.hashCode());
        return result;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#equals(java.lang.Object)
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj)
            return true;
        if (obj == null)
            return false;
        if (getClass() != obj.getClass())
            return false;
        Card other = (Card) obj;
        if (businessTxt == null) {
            if (other.businessTxt != null)
                return false;
        } else if (!businessTxt.equals(other.businessTxt))
            return false;
        if (dependencies == null) {
            if (other.dependencies != null)
                return false;
        } else if (!dependencies.equals(other.dependencies))
            return false;
        if (id != other.id)
            return false;
        if (legalTxt == null) {
            if (other.legalTxt != null)
                return false;
        } else if (!legalTxt.equals(other.legalTxt))
            return false;
        if (providesTags == null) {
            if (other.providesTags != null)
                return false;
        } else if (!providesTags.equals(other.providesTags))
            return false;
        if (technicalTxt == null) {
            if (other.technicalTxt != null)
                return false;
        } else if (!technicalTxt.equals(other.technicalTxt))
            return false;
        if (title == null) {
            if (other.title != null)
                return false;
        } else if (!title.equals(other.title))
            return false;
        return true;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#toString()
     */
    @Override
    public String toString() {
        return "Card [id=" + id + ", title=" + title + ", providesTags="
                + providesTags + "]";
    }

}

-------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/model/CardNode.java: --------------------------------------------------------------------------------
/**
 *
 */
package org.mitre.dtf.model;


import java.util.List;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.Table;

import com.fasterxml.jackson.annotation.JsonBackReference;
import com.fasterxml.jackson.annotation.JsonManagedReference;

/**
 * This class represents a card as part of a trust framework instance as part of
 * a tree-like data structure.
 *
 * @author wkim
 *
 */
@Entity
@Table(name = "CardNode")
public class CardNode {

    private long id;
    private Card card;
    private CardNode parentCardNode;
    private List<CardNode> childCardNodes;
    private Instance instance;

    public CardNode() {
        // default empty constructor
    }

    /**
     * @return the id
     */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id")
    public long getId() {
        return id;
    }

    /**
     * @param id the id to set
     */
    public void setId(long id) {
        this.id = id;
    }

    /**
     * @return the card
     */
    @ManyToOne(fetch = FetchType.EAGER)
    @JoinColumn(name = "cardId", referencedColumnName = "id")
    public Card getCard() {
        return card;
    }

    /**
     * @param card the card to set
     */
    public void setCard(Card card) {
        this.card = card;
    }

    /**
     * Parent node in the tree; marked as the back reference so Jackson does not
     * loop when serializing parent/child links.
     *
     * @return the parentCardNode
     */
    @ManyToOne(fetch = FetchType.EAGER)
    @JoinColumn(name = "parentCardNodeId", referencedColumnName = "id")
    @JsonBackReference
    public CardNode getParentCardNode() {
        return parentCardNode;
    }

    /**
     * @param parentCardNode the parentCardNode to set
     */
    public void setParentCardNode(CardNode parentCardNode) {
        this.parentCardNode = parentCardNode;
    }

    /**
     * @return the childCardNodes
     */
    @OneToMany(fetch = FetchType.EAGER, mappedBy = "parentCardNode")
    @JsonManagedReference
    public List<CardNode> getChildCardNodes() {
        return childCardNodes;
    }

    /**
     * @param childCardNodes the childCardNodes to set
     */
    public void setChildCardNodes(List<CardNode> childCardNodes) {
        this.childCardNodes = childCardNodes;
    }

    /**
     * @return the instance
     */
    @ManyToOne(fetch = FetchType.EAGER)
    @JoinColumn(name = "instanceId", referencedColumnName = "id")
    @JsonBackReference
    public Instance getInstance() {
        return instance;
    }

    /**
     * @param instance the instance to set
     */
    public void setInstance(Instance instance) {
        this.instance = instance;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#hashCode()
     */
    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;
        result = prime * result + ((card == null) ? 0 : card.hashCode());
        result = prime * result + (int) (id ^ (id >>> 32));
        result = prime * result + ((parentCardNode == null) ? 0 : parentCardNode.hashCode());
        return result;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#equals(java.lang.Object)
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj)
            return true;
        if (obj == null)
            return false;
        if (getClass() != obj.getClass())
            return false;
        CardNode other = (CardNode) obj;
        if (card == null) {
            if (other.card != null)
                return false;
        } else if (!card.equals(other.card))
            return false;
        if (id != other.id)
            return false;
        if (parentCardNode == null) {
            if (other.parentCardNode != null)
                return false;
        } else if (!parentCardNode.equals(other.parentCardNode))
            return false;
        return true;
    }

}

-------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/model/Dependency.java: --------------------------------------------------------------------------------
package org.mitre.dtf.model;

import java.util.Set;

import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;

import com.fasterxml.jackson.annotation.JsonBackReference;


@Entity
@Table(name = "Dependency")
@NamedQueries({
    @NamedQuery(name = "Dependency.findAll", query = "select d from Dependency d ORDER BY d.id")
})
public class Dependency {

    private long id; // unique identifier
private Card card; // the card this dependency belongs to 32 | private String description; // human-readable description to be displayed 33 | private Set tags; // tags that are required by this dependency 34 | 35 | /** 36 | * Default empty parameter constructor. 37 | */ 38 | public Dependency() { 39 | // left blank intentionally 40 | } 41 | 42 | public Dependency(String description) { 43 | this.description = description; 44 | } 45 | 46 | /** 47 | * 48 | * @return the id 49 | */ 50 | @Id 51 | @GeneratedValue(strategy = GenerationType.IDENTITY) 52 | @Column(name = "id") 53 | public long getId() { 54 | return id; 55 | } 56 | 57 | /** 58 | * 59 | * @param id the id to set 60 | */ 61 | public void setId(long id) { 62 | this.id = id; 63 | } 64 | 65 | /** 66 | * @return the card 67 | */ 68 | @ManyToOne(fetch = FetchType.EAGER) 69 | @JoinColumn(name = "cardId", referencedColumnName = "id") 70 | @JsonBackReference 71 | public Card getCard() { 72 | return card; 73 | } 74 | 75 | /** 76 | * @param card the card to set 77 | */ 78 | public void setCard(Card card) { 79 | this.card = card; 80 | } 81 | 82 | /** 83 | * 84 | * @return the description 85 | */ 86 | @Basic 87 | @Column(name = "description") 88 | public String getDescription() { 89 | return description; 90 | } 91 | 92 | /** 93 | * 94 | * @param description the description 95 | */ 96 | public void setDescription(String description) { 97 | this.description = description; 98 | } 99 | 100 | /** 101 | * @return the tags 102 | */ 103 | @ManyToMany(fetch = FetchType.EAGER) 104 | @JoinTable(name = "DependencyTags", 105 | joinColumns = @JoinColumn(name = "dependencyId", referencedColumnName = "id"), 106 | inverseJoinColumns = @JoinColumn(name = "tagId", referencedColumnName = "id")) 107 | public Set getTags() { 108 | return tags; 109 | } 110 | 111 | /** 112 | * @param tags the tags to set 113 | */ 114 | public void setTags(Set tags) { 115 | this.tags = tags; 116 | } 117 | 118 | /* (non-Javadoc) 119 | * @see 
java.lang.Object#hashCode() 120 | */ 121 | @Override 122 | public int hashCode() { 123 | final int prime = 31; 124 | int result = 1; 125 | result = prime * result 126 | + ((description == null) ? 0 : description.hashCode()); 127 | result = prime * result + (int) (id ^ (id >>> 32)); 128 | result = prime * result + ((tags == null) ? 0 : tags.hashCode()); 129 | return result; 130 | } 131 | 132 | /* (non-Javadoc) 133 | * @see java.lang.Object#equals(java.lang.Object) 134 | */ 135 | @Override 136 | public boolean equals(Object obj) { 137 | if (this == obj) 138 | return true; 139 | if (obj == null) 140 | return false; 141 | if (getClass() != obj.getClass()) 142 | return false; 143 | Dependency other = (Dependency) obj; 144 | if (description == null) { 145 | if (other.description != null) 146 | return false; 147 | } else if (!description.equals(other.description)) 148 | return false; 149 | if (id != other.id) 150 | return false; 151 | if (tags == null) { 152 | if (other.tags != null) 153 | return false; 154 | } else if (!tags.equals(other.tags)) 155 | return false; 156 | return true; 157 | } 158 | 159 | /* (non-Javadoc) 160 | * @see java.lang.Object#toString() 161 | */ 162 | @Override 163 | public String toString() { 164 | return "Dependency [id=" + id + ", description=" + description 165 | + ", tags=" + tags + "]"; 166 | } 167 | 168 | } 169 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/model/Instance.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.model; 5 | 6 | import java.util.Set; 7 | 8 | import javax.persistence.Basic; 9 | import javax.persistence.Column; 10 | import javax.persistence.Entity; 11 | import javax.persistence.FetchType; 12 | import javax.persistence.GeneratedValue; 13 | import javax.persistence.GenerationType; 14 | import javax.persistence.Id; 15 | import javax.persistence.JoinColumn; 16 | 
import javax.persistence.OneToMany; 17 | import javax.persistence.OneToOne; 18 | import javax.persistence.Table; 19 | 20 | import com.fasterxml.jackson.annotation.JsonManagedReference; 21 | 22 | /** 23 | * This class represents a complete instance of a trust framework and its components. 24 | * 25 | * @author wkim 26 | * 27 | */ 28 | @Entity 29 | @Table(name="Instance") 30 | public class Instance { 31 | 32 | private long id; // unique identifier 33 | private String name; // human-readable name 34 | 35 | private CardNode rootCardNode; 36 | private Set cardNodeTree; 37 | 38 | /** 39 | * @return the id 40 | */ 41 | @Id 42 | @GeneratedValue(strategy = GenerationType.IDENTITY) 43 | @Column(name = "id") 44 | public long getId() { 45 | return id; 46 | } 47 | /** 48 | * @param id the id to set 49 | */ 50 | public void setId(long id) { 51 | this.id = id; 52 | } 53 | /** 54 | * @return the name 55 | */ 56 | @Basic 57 | @Column(name = "name") 58 | public String getName() { 59 | return name; 60 | } 61 | /** 62 | * @param name the name to set 63 | */ 64 | public void setName(String name) { 65 | this.name = name; 66 | } 67 | /** 68 | * @return the rootCardNode 69 | */ 70 | @OneToOne(fetch = FetchType.EAGER) 71 | @JoinColumn(name = "rootCardNodeId", referencedColumnName = "id") 72 | @JsonManagedReference 73 | public CardNode getRootCardNode() { 74 | return rootCardNode; 75 | } 76 | /** 77 | * @param rootCardNode the rootCardNode to set 78 | */ 79 | public void setRootCardNode(CardNode rootCardNode) { 80 | this.rootCardNode = rootCardNode; 81 | } 82 | /** 83 | * @return the cardTree 84 | */ 85 | @OneToMany(fetch = FetchType.EAGER, mappedBy = "instance") 86 | @JsonManagedReference 87 | public Set getCardNodeTree() { 88 | return cardNodeTree; 89 | } 90 | /** 91 | * @param cardTree the cardTree to set 92 | */ 93 | public void setCardNodeTree(Set cardNodeTree) { 94 | this.cardNodeTree = cardNodeTree; 95 | } 96 | 97 | /* (non-Javadoc) 98 | * @see java.lang.Object#hashCode() 99 | */ 100 
| @Override 101 | public int hashCode() { 102 | final int prime = 31; 103 | int result = 1; 104 | result = prime * result + ((cardNodeTree == null) ? 0 : cardNodeTree.hashCode()); 105 | result = prime * result + (int) (id ^ (id >>> 32)); 106 | result = prime * result + ((name == null) ? 0 : name.hashCode()); 107 | result = prime * result + ((rootCardNode == null) ? 0 : rootCardNode.hashCode()); 108 | return result; 109 | } 110 | /* (non-Javadoc) 111 | * @see java.lang.Object#equals(java.lang.Object) 112 | */ 113 | @Override 114 | public boolean equals(Object obj) { 115 | if (this == obj) 116 | return true; 117 | if (obj == null) 118 | return false; 119 | if (getClass() != obj.getClass()) 120 | return false; 121 | Instance other = (Instance) obj; 122 | if (cardNodeTree == null) { 123 | if (other.cardNodeTree != null) 124 | return false; 125 | } else if (!cardNodeTree.equals(other.cardNodeTree)) 126 | return false; 127 | if (id != other.id) 128 | return false; 129 | if (name == null) { 130 | if (other.name != null) 131 | return false; 132 | } else if (!name.equals(other.name)) 133 | return false; 134 | if (rootCardNode == null) { 135 | if (other.rootCardNode != null) 136 | return false; 137 | } else if (!rootCardNode.equals(other.rootCardNode)) 138 | return false; 139 | return true; 140 | } 141 | /* (non-Javadoc) 142 | * @see java.lang.Object#toString() 143 | */ 144 | @Override 145 | public String toString() { 146 | return "Instance [id=" + id + ", name=" + name + ", rootCardNode=" + rootCardNode + ", cardNodeTree=" 147 | + cardNodeTree + "]"; 148 | } 149 | } 150 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/model/InstanceCard.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.model; 5 | 6 | import java.util.List; 7 | 8 | /** 9 | * Container object for storing the intermediary JSON representation of instance 
cards. 10 | * @author wkim 11 | * 12 | */ 13 | public class InstanceCard { 14 | 15 | private long id; // card id 16 | private long parent; // id of parent card 17 | private List children; // list of ids of cards that fulfilled this card's dependencies 18 | /** 19 | * @return the id 20 | */ 21 | public long getId() { 22 | return id; 23 | } 24 | /** 25 | * @param id the id to set 26 | */ 27 | public void setId(long id) { 28 | this.id = id; 29 | } 30 | /** 31 | * @return the parent 32 | */ 33 | public long getParent() { 34 | return parent; 35 | } 36 | /** 37 | * @param parent the parent to set 38 | */ 39 | public void setParent(long parent) { 40 | this.parent = parent; 41 | } 42 | /** 43 | * @return the children 44 | */ 45 | public List getChildren() { 46 | return children; 47 | } 48 | /** 49 | * @param children the children to set 50 | */ 51 | public void setChildren(List children) { 52 | this.children = children; 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/model/Tag.java: -------------------------------------------------------------------------------- 1 | package org.mitre.dtf.model; 2 | 3 | import javax.persistence.Basic; 4 | import javax.persistence.Column; 5 | import javax.persistence.Entity; 6 | import javax.persistence.GeneratedValue; 7 | import javax.persistence.GenerationType; 8 | import javax.persistence.Id; 9 | import javax.persistence.NamedQueries; 10 | import javax.persistence.NamedQuery; 11 | import javax.persistence.Table; 12 | 13 | @Entity 14 | @Table(name = "Tag") 15 | @NamedQueries({ 16 | @NamedQuery(name = "Tag.findAll", query = "select t from Tag t ORDER BY t.id") 17 | }) 18 | public class Tag { 19 | 20 | private long id; // unique identifier 21 | private String name; // human-readable name 22 | 23 | /** 24 | * Default empty parameter constructor. 
25 | */ 26 | public Tag(){ 27 | // left blank intentionally 28 | } 29 | 30 | public Tag(String name) { 31 | this.name = name; 32 | } 33 | 34 | /** 35 | * @return the id 36 | */ 37 | @Id 38 | @GeneratedValue(strategy = GenerationType.IDENTITY) 39 | @Column(name = "id") 40 | public Long getId() { 41 | return id; 42 | } 43 | 44 | /** 45 | * @param id the id to set 46 | */ 47 | public void setId(Long id) { 48 | this.id = id; 49 | } 50 | 51 | @Basic 52 | @Column(name = "name") 53 | public String getName() { 54 | return name; 55 | } 56 | 57 | public void setName(String name) { 58 | this.name = name; 59 | } 60 | 61 | @Override 62 | public int hashCode() { 63 | final int prime = 31; 64 | int result = 1; 65 | result = prime * result + (int) (id ^ (id >>> 32)); 66 | result = prime * result + ((name == null) ? 0 : name.hashCode()); 67 | return result; 68 | } 69 | 70 | @Override 71 | public boolean equals(Object obj) { 72 | if (this == obj) 73 | return true; 74 | if (obj == null) 75 | return false; 76 | if (getClass() != obj.getClass()) 77 | return false; 78 | Tag other = (Tag) obj; 79 | if (id != other.id) 80 | return false; 81 | if (name == null) { 82 | if (other.name != null) 83 | return false; 84 | } else if (!name.equals(other.name)) 85 | return false; 86 | return true; 87 | } 88 | 89 | @Override 90 | public String toString() { 91 | return "Tag [id=" + id + ", name=" + name + "]"; 92 | } 93 | 94 | } 95 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/CardRepository.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.repository; 5 | 6 | import java.util.Set; 7 | 8 | import org.mitre.dtf.model.Card; 9 | 10 | /** 11 | * @author wkim 12 | * 13 | */ 14 | public interface CardRepository { 15 | 16 | public Set getAll(); 17 | 18 | public Card getById(long id); 19 | 20 | public void remove(Card card); 21 | 22 | 
public Card save(Card card); 23 | } 24 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/InstanceRepository.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.repository; 5 | 6 | import org.mitre.dtf.model.Instance; 7 | 8 | /** 9 | * @author wkim 10 | * 11 | */ 12 | public interface InstanceRepository { 13 | 14 | public Instance getById(long id); 15 | 16 | public Instance save(Instance instance); 17 | } 18 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/TagRepository.java: -------------------------------------------------------------------------------- 1 | package org.mitre.dtf.repository; 2 | 3 | import java.util.Set; 4 | 5 | import org.mitre.dtf.model.Tag; 6 | 7 | public interface TagRepository { 8 | public Set getAll(); 9 | public Tag getById(long id); 10 | public void remove(Tag tag); 11 | public Tag save(Tag tag); 12 | } 13 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/impl/JpaCardRepository.java: -------------------------------------------------------------------------------- 1 | package org.mitre.dtf.repository.impl; 2 | 3 | import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; 4 | 5 | import java.util.LinkedHashSet; 6 | import java.util.Set; 7 | 8 | import javax.persistence.EntityManager; 9 | import javax.persistence.PersistenceContext; 10 | import javax.persistence.TypedQuery; 11 | 12 | import org.mitre.dtf.model.Card; 13 | import org.mitre.dtf.repository.CardRepository; 14 | import org.springframework.stereotype.Repository; 15 | import org.springframework.transaction.annotation.Transactional; 16 | 17 | /** 18 | * Repository layer for translating Card POJOs to and from database. 
19 | * 20 | * @author wkim 21 | * 22 | */ 23 | @Repository("jpaCardRepository") 24 | public class JpaCardRepository implements CardRepository { 25 | 26 | @PersistenceContext 27 | private EntityManager em; 28 | 29 | @Override 30 | @Transactional 31 | public Set getAll() { 32 | 33 | TypedQuery query = em.createNamedQuery("Card.findAll", Card.class); 34 | 35 | return new LinkedHashSet(query.getResultList()); 36 | } 37 | 38 | @Override 39 | @Transactional 40 | public Card getById(long id) { 41 | return em.find(Card.class, id); 42 | } 43 | 44 | @Override 45 | @Transactional 46 | public void remove(Card card) { 47 | Card found = em.find(Card.class, card.getId()); 48 | 49 | if (found != null) { 50 | em.remove(card); 51 | } else { 52 | throw new IllegalArgumentException(); 53 | } 54 | } 55 | 56 | @Override 57 | @Transactional 58 | public Card save(Card card) { 59 | return saveOrUpdate(card.getId(), em, card); 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/impl/JpaDependencyRepository.java: -------------------------------------------------------------------------------- 1 | package org.mitre.dtf.repository.impl; 2 | 3 | import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; 4 | 5 | import java.util.LinkedHashSet; 6 | import java.util.Set; 7 | 8 | import javax.persistence.EntityManager; 9 | import javax.persistence.PersistenceContext; 10 | import javax.persistence.TypedQuery; 11 | 12 | import org.mitre.dtf.model.Dependency; 13 | import org.springframework.stereotype.Repository; 14 | import org.springframework.transaction.annotation.Transactional; 15 | 16 | /** 17 | * Repository layer for translating Dependency POJOs to and from database. 
18 | * 19 | * @author wkim 20 | * 21 | */ 22 | @Repository("jpaDependencyRepository") 23 | public class JpaDependencyRepository { 24 | 25 | @PersistenceContext 26 | private EntityManager em; 27 | 28 | @Transactional 29 | public Set getAll() { 30 | 31 | TypedQuery query = em.createNamedQuery("Dependency.findAll", Dependency.class); 32 | 33 | return new LinkedHashSet(query.getResultList()); 34 | } 35 | 36 | @Transactional 37 | public Dependency getById(long id) { 38 | return em.find(Dependency.class, id); 39 | } 40 | 41 | @Transactional 42 | public void remove(Dependency dependency) { 43 | Dependency found = em.find(Dependency.class, dependency.getId()); 44 | 45 | if (found != null) { 46 | em.remove(dependency); 47 | } else { 48 | throw new IllegalArgumentException(); 49 | } 50 | } 51 | 52 | @Transactional 53 | public Dependency save(Dependency dependency) { 54 | return saveOrUpdate(dependency.getId(), em, dependency); 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/impl/JpaInstanceRepository.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.repository.impl; 5 | 6 | import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; 7 | 8 | import javax.persistence.EntityManager; 9 | import javax.persistence.PersistenceContext; 10 | 11 | import org.mitre.dtf.model.Instance; 12 | import org.mitre.dtf.repository.InstanceRepository; 13 | import org.springframework.stereotype.Repository; 14 | import org.springframework.transaction.annotation.Transactional; 15 | 16 | /** 17 | * @author wkim 18 | * 19 | */ 20 | @Repository("jpaInstanceRepository") 21 | public class JpaInstanceRepository implements InstanceRepository { 22 | 23 | @PersistenceContext 24 | private EntityManager em; 25 | 26 | /* (non-Javadoc) 27 | * @see org.mitre.dtf.repository.InstanceRepository#getById(long) 28 | */ 29 | @Override 30 | 
@Transactional 31 | public Instance getById(long id) { 32 | return em.find(Instance.class, id); 33 | } 34 | 35 | /* (non-Javadoc) 36 | * @see org.mitre.dtf.repository.InstanceRepository#save(org.mitre.dtf.model.Instance) 37 | */ 38 | @Override 39 | @Transactional 40 | public Instance save(Instance instance) { 41 | return saveOrUpdate(instance.getId(), em, instance); 42 | } 43 | 44 | } 45 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/repository/impl/JpaTagRepository.java: -------------------------------------------------------------------------------- 1 | package org.mitre.dtf.repository.impl; 2 | 3 | import java.util.LinkedHashSet; 4 | import java.util.Set; 5 | 6 | import javax.persistence.EntityManager; 7 | import javax.persistence.PersistenceContext; 8 | import javax.persistence.TypedQuery; 9 | 10 | import org.mitre.dtf.model.Tag; 11 | import org.mitre.dtf.repository.TagRepository; 12 | import org.mitre.util.jpa.JpaUtil; 13 | import org.springframework.stereotype.Repository; 14 | import org.springframework.transaction.annotation.Transactional; 15 | 16 | /** 17 | * Repository layer for translating Tag POJOs to and from the database. 
18 | * 19 | * @author wkim 20 | * 21 | */ 22 | @Repository("jpaTagRepository") 23 | public class JpaTagRepository implements TagRepository { 24 | 25 | @PersistenceContext 26 | private EntityManager em; 27 | 28 | @Override 29 | @Transactional 30 | public Set getAll() { 31 | TypedQuery query = em.createNamedQuery("Tag.findAll", Tag.class); 32 | return new LinkedHashSet(query.getResultList()); 33 | } 34 | 35 | @Override 36 | @Transactional 37 | public Tag getById(long id) { 38 | return em.find(Tag.class, id); 39 | } 40 | 41 | @Override 42 | @Transactional 43 | public void remove(Tag tag) { 44 | Tag found = em.find(Tag.class, tag.getId()); 45 | 46 | if (found != null) { 47 | em.remove(tag); 48 | } else { 49 | throw new IllegalArgumentException(); 50 | } 51 | } 52 | 53 | @Override 54 | @Transactional 55 | public Tag save(Tag tag) { 56 | return JpaUtil.saveOrUpdate(tag.getId(), em, tag); 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/service/CardService.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.service; 5 | 6 | import java.util.List; 7 | import java.util.Set; 8 | 9 | import org.mitre.dtf.model.Card; 10 | import org.mitre.dtf.model.Instance; 11 | import org.mitre.dtf.model.InstanceCard; 12 | 13 | /** 14 | * @author wkim 15 | * 16 | */ 17 | public interface CardService { 18 | 19 | public Set getAllCards(); 20 | 21 | public Card getById(long id); 22 | 23 | public Card getNewCard(); 24 | 25 | public Card save(Card card); 26 | 27 | public Instance saveInstance(ListinstanceCards); 28 | } 29 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/service/TagService.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.service; 5 | 6 | import 
java.util.Set; 7 | 8 | import org.mitre.dtf.model.Tag; 9 | 10 | /** 11 | * @author wkim 12 | * 13 | */ 14 | public interface TagService { 15 | public Set getAll(); 16 | public Tag save(Tag tag); 17 | } 18 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/service/impl/DefaultCardService.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.service.impl; 5 | 6 | import java.util.ArrayList; 7 | import java.util.HashMap; 8 | import java.util.HashSet; 9 | import java.util.List; 10 | import java.util.Map; 11 | import java.util.Set; 12 | 13 | import org.mitre.dtf.model.Card; 14 | import org.mitre.dtf.model.CardNode; 15 | import org.mitre.dtf.model.Dependency; 16 | import org.mitre.dtf.model.Instance; 17 | import org.mitre.dtf.model.InstanceCard; 18 | import org.mitre.dtf.model.Tag; 19 | import org.mitre.dtf.repository.CardRepository; 20 | import org.mitre.dtf.service.CardService; 21 | import org.springframework.beans.factory.annotation.Autowired; 22 | import org.springframework.stereotype.Service; 23 | 24 | /** 25 | * @author wkim 26 | * 27 | */ 28 | @Service("defaultCardService") 29 | public class DefaultCardService implements CardService { 30 | 31 | @Autowired 32 | CardRepository cardRepository; 33 | 34 | /* (non-Javadoc) 35 | * @see org.mitre.dtf.service.CardService#getAllCards() 36 | */ 37 | @Override 38 | public Set getAllCards() { 39 | return cardRepository.getAll(); 40 | } 41 | 42 | @Override 43 | public Card getById(long id) { 44 | return cardRepository.getById(id); 45 | } 46 | 47 | @Override 48 | public Card getNewCard() { 49 | Card card = new Card(); 50 | card.setId(0L); 51 | card.setTitle("New Card"); 52 | card.setBusinessTxt("business text placeholder"); 53 | card.setLegalTxt("legal text placeholder"); 54 | card.setTechnicalTxt("technical text placeholder"); 55 | card.setProvidesTags(new HashSet()); 56 | 
card.setDependencies(new ArrayList()); 57 | return card; 58 | } 59 | 60 | @Override 61 | public Card save(Card card) { 62 | return cardRepository.save(card); 63 | } 64 | 65 | //TODO some error checking. What happens if bad instance card ids are sent? 66 | @Override 67 | public Instance saveInstance(List instanceCards) { 68 | 69 | Map idCardMap = new HashMap(); // for lookup by card id 70 | 71 | // build up deck of the actual cards in the instance 72 | for (InstanceCard ic : instanceCards) { 73 | Card card = cardRepository.getById(ic.getId()); 74 | idCardMap.put(ic.getId(), card); 75 | } 76 | 77 | // build up the card nodes and links 78 | for (InstanceCard ic : instanceCards) { 79 | Card currentCard = idCardMap.get(ic.getId()); 80 | //TODO actually do something with this instance 81 | 82 | } 83 | 84 | return null; 85 | } 86 | 87 | } 88 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/java/org/mitre/dtf/service/impl/DefaultTagService.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.mitre.dtf.service.impl; 5 | 6 | import java.util.Set; 7 | 8 | import org.mitre.dtf.model.Tag; 9 | import org.mitre.dtf.repository.TagRepository; 10 | import org.mitre.dtf.service.TagService; 11 | import org.springframework.beans.factory.annotation.Autowired; 12 | import org.springframework.stereotype.Service; 13 | 14 | /** 15 | * @author wkim 16 | * 17 | */ 18 | @Service("defaultTagService") 19 | public class DefaultTagService implements TagService { 20 | 21 | @Autowired 22 | TagRepository tagRepository; 23 | 24 | /* (non-Javadoc) 25 | * @see org.mitre.dtf.service.TagService#getAll() 26 | */ 27 | @Override 28 | public Set getAll() { 29 | return tagRepository.getAll(); 30 | } 31 | 32 | @Override 33 | public Tag save(Tag tag) { 34 | return tagRepository.save(tag); 35 | } 36 | 37 | } 38 | 
--------------------------------------------------------------------------------
/dtf-webapp/src/main/java/org/mitre/dtf/web/CardController.java:
--------------------------------------------------------------------------------
package org.mitre.dtf.web;

import java.security.Principal;
import java.util.List;
import java.util.Set;

import org.mitre.dtf.model.Card;
import org.mitre.dtf.model.InstanceCard;
import org.mitre.dtf.service.CardService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST endpoints for trust-framework cards. Every endpoint requires an
 * authenticated principal holding ROLE_USER; below that role check there is
 * no per-card ownership or authorization test, so any user may read, create
 * or overwrite any card.
 */
@RestController
public class CardController {

    @Autowired
    CardService cardService;

    @RequestMapping(value = "/card", method = RequestMethod.GET, produces = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Set<Card> getAll(Principal p) {
        return cardService.getAllCards();
    }

    @RequestMapping(value = "/card/{id}", method = RequestMethod.GET, produces = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Card getCard(@PathVariable("id") long id) {
        return cardService.getById(id);
    }

    // The {id} path segment is not bound here: the id inside the JSON body
    // decides which card is overwritten, not the URL the client used.
    @RequestMapping(value = "/card/{id}", method = RequestMethod.PUT, consumes = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Card updateCard(@RequestBody Card card) {
        return cardService.save(card);
    }

    @RequestMapping(value = "/card/new", method = RequestMethod.GET, produces = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Card newCard() {
        return cardService.getNewCard();
    }

    @RequestMapping(value = "/card/new", method = RequestMethod.POST, consumes = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Card newCard(@RequestBody Card card) {
        return cardService.save(card);
    }

    // Persists a whole instance (tree of card nodes) and echoes the input back.
    @RequestMapping(value = "/instance", method = RequestMethod.POST, consumes = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody List<InstanceCard> saveInstance(@RequestBody List<InstanceCard> instanceCards) {
        cardService.saveInstance(instanceCards);
        return instanceCards;
    }
}
--------------------------------------------------------------------------------
/dtf-webapp/src/main/java/org/mitre/dtf/web/TagController.java:
--------------------------------------------------------------------------------
package org.mitre.dtf.web;

import java.util.Set;

import org.mitre.dtf.model.Tag;
import org.mitre.dtf.service.TagService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author wkim
 */
@RestController
public class TagController {

    @Autowired
    TagService tagService;

    @RequestMapping(value = "/tag", method = RequestMethod.GET, produces = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Set<Tag> getAll() {
        return tagService.getAll();
    }

    // The raw request body is used verbatim as the new tag's name; no length
    // or content validation happens before it is saved.
    @RequestMapping(value = "/tag/new", method = RequestMethod.POST, consumes = "application/json")
    @PreAuthorize("hasRole('ROLE_USER')")
    public @ResponseBody Tag addNewTag(@RequestBody String tagName) {
        Tag tag = new Tag();
        tag.setName(tagName);
        return tagService.save(tag);
    }
}
--------------------------------------------------------------------------------
/dtf-webapp/src/main/java/org/mitre/util/jpa/JpaUtil.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2014 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
package org.mitre.util.jpa;

import java.util.List;

import javax.persistence.EntityManager;

/**
 * @author mfranklin
 * Date: 4/28/11
 * Time: 2:13 PM
 */
public class JpaUtil {
    /** Returns the sole element of a query result, null for none, and fails loudly on more than one. */
    public static <T> T getSingleResult(List<T> list) {
        switch (list.size()) {
        case 0:
            return null;
        case 1:
            return list.get(0);
        default:
            throw new IllegalStateException("Expected single result, got " + list.size());
        }
    }

    /** Persists a new entity (null id) or merges an existing one, flushing either way. */
    public static <T, I> T saveOrUpdate(I id, EntityManager entityManager, T entity) {
        if (id == null) {
            entityManager.persist(entity);
            entityManager.flush();
            return entity;
        } else {
            T tmp = entityManager.merge(entity);
            entityManager.flush();
            return tmp;
        }
    }
}
--------------------------------------------------------------------------------
/dtf-webapp/src/main/java/org/mitre/util/json/CardDeserializer.java:
--------------------------------------------------------------------------------
package org.mitre.util.json;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.mitre.dtf.model.Card;
import org.mitre.dtf.model.Dependency;
import org.mitre.dtf.model.Tag;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.ObjectCodec;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Hand-written Jackson deserializer for Card. Every field is read with
 * node.get(...) and no null check, so a body missing any of the expected
 * members (id, title, businessTxt, technicalTxt, legalTxt, providesTags,
 * dependencies) fails with a NullPointerException rather than a clean
 * 400 response.
 */
public class CardDeserializer extends JsonDeserializer<Card> {

    @Override
    public Card deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {

        ObjectCodec oc = jp.getCodec();
        JsonNode node = oc.readTree(jp);

        Card card = new Card();

        // The client-supplied id is trusted as-is; see CardController.updateCard.
        card.setId(node.get("id").asLong());
        card.setTitle(node.get("title").asText());
        card.setBusinessTxt(node.get("businessTxt").asText());
        card.setTechnicalTxt(node.get("technicalTxt").asText());
        card.setLegalTxt(node.get("legalTxt").asText());

        ObjectMapper objectMapper = new ObjectMapper();

        // Tags this card provides
        Set<Tag> tags = new HashSet<Tag>();
        for (JsonNode jn : node.get("providesTags")) {
            Tag tag = objectMapper.readValue(jn.toString(), Tag.class);
            tags.add(tag);
        }
        card.setProvidesTags(tags);

        // Dependencies, each carrying the set of tags a satisfying card must provide
        List<Dependency> dependencies = new ArrayList<Dependency>();
        for (JsonNode jn : node.get("dependencies")) {
            Dependency dependency = new Dependency();
            dependency.setCard(card);
            dependency.setId(jn.get("id").asLong());
            dependency.setDescription(jn.get("description").asText());
            Set<Tag> depTags = new HashSet<Tag>();
            for (JsonNode tagJn : jn.get("tags")) {
                Tag tag = objectMapper.readValue(tagJn.toString(), Tag.class);
                depTags.add(tag);
            }
            dependency.setTags(depTags);
            dependencies.add(dependency);
        }
        card.setDependencies(dependencies);

        return card;
    }

}
--------------------------------------------------------------------------------
/dtf-webapp/src/main/resources/db/tables/hsql_database_tables.sql:
--------------------------------------------------------------------------------
CREATE MEMORY TABLE PUBLIC.CARD(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,TITLE VARCHAR(256),BUSINESSTXT VARCHAR(4096),LEGALTXT VARCHAR(4096),TECHNICALTXT VARCHAR(4096))
ALTER TABLE PUBLIC.CARD ALTER COLUMN ID RESTART WITH 13
CREATE MEMORY TABLE PUBLIC.TAG(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,NAME VARCHAR(256))
ALTER TABLE PUBLIC.TAG ALTER COLUMN ID RESTART WITH 23
CREATE MEMORY TABLE PUBLIC.DEPENDENCY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,CARDID BIGINT,DESCRIPTION VARCHAR(4096))
ALTER TABLE PUBLIC.DEPENDENCY ALTER COLUMN ID RESTART WITH 25
CREATE MEMORY TABLE PUBLIC.DEPENDENCYTAGS(DEPENDENCYID BIGINT,TAGID BIGINT,FOREIGN KEY(DEPENDENCYID) REFERENCES PUBLIC.DEPENDENCY(ID),FOREIGN KEY(TAGID) REFERENCES PUBLIC.TAG(ID))
CREATE MEMORY TABLE PUBLIC.PROVIDES(CARDID BIGINT,TAGID BIGINT,FOREIGN KEY(CARDID) REFERENCES PUBLIC.CARD(ID),FOREIGN KEY(TAGID) REFERENCES PUBLIC.TAG(ID))
CREATE MEMORY TABLE PUBLIC.INSTANCE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,NAME VARCHAR(256),ROOTCARDNODEID BIGINT)
ALTER TABLE PUBLIC.INSTANCE ALTER COLUMN ID RESTART WITH 1
CREATE MEMORY TABLE PUBLIC.CARDNODE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,CARDID BIGINT,PARENTCARDNODEID BIGINT,INSTANCEID BIGINT,FOREIGN KEY(CARDID) REFERENCES PUBLIC.CARD(ID),FOREIGN KEY(PARENTCARDNODEID) REFERENCES PUBLIC.CARDNODE(ID),FOREIGN KEY(INSTANCEID) REFERENCES PUBLIC.INSTANCE(ID))
ALTER TABLE PUBLIC.CARDNODE ALTER COLUMN ID RESTART WITH 1

INSERT INTO CARD VALUES(1,'Trust Framework Rules Envelope','This card indicates the "party" and the location of the "Trust Framework System Rules". In theory any cards could be created in any order, but as a matter of conceptual and policy coherence, this card reflects an initialization steps providing a legal and business basis upon which selection, configuration and publishing the the other cards and corresponding rules, systems, services and transactions. Based on: https://github.com/mitreid-connect/trust-framework/blob/master/TrustFramework.md','These rules apply to the issuance, use, acceptance of or reliance on Derived Federated Credentials within the MITRE External Identity Federation. Neither this Trust Framework, nor any course between the Parties hereunder, shall constitute or create a partnership, joint venture, principal-agent relationship or employer-employee relationship between the Parties.','The following use cases are supported under this Trust Framework: [TBD] [Commentary: For so long as MITREid is an early-stage research prototype, it is premature to focus on detailed documentation of supported use cases. However, this draft Trust Framework anticipates a future state at which external and internal parties will seek to implement and interoperate with MITRE External Identity Federation services and the important role of this document to facilitate and regulate adoption. To that end, the types of technical use cases that would be relevant and constructive to detail in the future are noted below. MITREid User Logs Into Grey Listed Relying Party MITREid User Logs Into White Listed Relying Party MITREid User Logs Into Black Listed Relying Party Non-MITRE User Logs Into MITRE External Identity Federation Enabled Site Non-MITRE CAC User Logs Into MITRE External Identity Federation Enabled Site MITRE Relying Party Site Implements MITRE External Identity Federation Access Non-MITRE Identity Provider Added to MITRE External Identity Federation White List Non-MITRE Relying Party Site Accepts MITREid User Login]')
INSERT INTO CARD VALUES(2,'Scope','This Trust Framework applies to the use by MITRE personnel of OpenID 2.0 and OpenID Connect, collectively called MITREid. This Trust Framework also applies to all non-MITRE users who connect to MITRE systems using the MITRE External Identity Federation.','The authoritative current version of the Trust Framework System Rules can be found at www.mitre.org/trustframework [note actual URL to be determined]. These Rules, including all documents explicitly Incorporated by Reference, provide standard default terms for use of the External Identity Federation, but in the event of a conflict between the terms of an existing contract between parties governing the terms of access to relevant applications or services, then the terms of the existing contract shall govern. When the text of these Rules explicitly refers to a \u201cdocument Incorporated by Reference\u201d and includes a URL to the authoritative version of that document, then the content of that document shall have the same force and effect as if directly published within these Rules.','reserved.')
INSERT INTO CARD VALUES(3,'Roles','The following Roles exist within this system.','The following Roles exist within this system.','The following Roles exist within this system.')
INSERT INTO CARD VALUES(4,'id.mitre.org','MITREid Connect is an implementation of OpenID Connect for use by MITRE employees. This service is available to all current MITRE employees on any site that supports the OpenID Connect protocol.','reserved','This OpenID Connect service is built from the MITREid Connect Open Source project started by The MITRE Corporation. This is a research prototype system with best-effort availability. This service aims to be a generally-applicable reference implementation of OpenID Connect and OAuth 2 and provides a range of useful features such as signed tokens and token introspection. This server also supports Dynamic Client Registration for the standard OpenID Connect scopes of openid , address , email , profile , phone , and offline_access . Other scopes and features are available by registering a client through a systems administrator. More information about the project can be found on the MTIREid Connect page on GitHub. There, you can submit bug reports, give feedback, or even contribute code patches for additional features you''d like to see. For server configuration details, go to: https://id.mitre.org/connect/.well-known/openid-configuration')
INSERT INTO CARD VALUES(5,'oidc.mit.edu','MIT, This OpenID Connect service is built from the MITREid Connect Open Source project, from The MITRE Corporation and the MIT Kerberos and Internet Trust Consortium.','Massachusetts Institute of Technology, a not-for-profit corporation located at 77 Massachusetts Ave.','oidc.mit.edu, This OpenID Connect service is built from the MITREid Connect Open Source project, from The MITRE Corporation and the MIT Kerberos and Internet Trust Consortium. For server configuration details, go to: https://oidc.mit.edu/.well-known/openid-configuration')
INSERT INTO CARD VALUES(6,'No Service Level Guarantee','Reasonable efforts are made to maintain service, however you may notice occasional outages or disruptions as MITREid is being continuously refined. Under this Trust Framework, support of MITRE External Identity Federation services as Identity Provider and/or Relying Party and/or otherwise may be modified or discontinued at any time and with no notice.','Reasonable efforts are made to maintain service, however you may notice occasional outages or disruptions as MITREid is being continuously refined. Under this Trust Framework, support of MITRE External Identity Federation services as Identity Provider and/or Relying Party and/or otherwise may be modified or discontinued at any time and with no notice.','reserved')
INSERT INTO CARD VALUES(7,'Record Keeping & Logging','See legal and technical descriptions.','The required log files for Identity Providers and White Listed Relying Parties under Section 3.6 of this Trust Framework must be protected and maintained in accordance with reasonable commercial practices or as specified in any applicable certification or agreement. Such log files must be made available to MITRE upon request when reasonably necessary to ensure MITRE External Identity Federation system integrity or for purposes of troubleshooting MITRE system issues.','3.6.1. Identity Provider Event Logging An Identity Provider MUST log the following events: User approves a site User logs in to an Identity Provider User uses an Identity Provider to log into a Relying Party User denies log in to a Relying Party User revokes access to a Relying Party 3.6.2. The System Operator shall maintain records of the Identity Provider log files related to MITRE Users and required under Section 3.6.1 in accordance with MITRE Records Management Procedure IM 4.3.1.1. 3.6.3. White Listed Relying Party Event Logging A White Listed Relying Party MUST log the following events: User selects an Identity Provider to login to a Relying Party User uses an Identity Provider to login to a Relying Party User denies the authentication transaction')
INSERT INTO CARD VALUES(8,'Liability','Reserved','THE MITRE CORPORATION MAKES NO WARRANTY, EXPRESS OR IMPLIED, AS TO THE ACCURACY, CAPABILITY, EFFICIENCY, MERCHANTABILITY, OR FUNCTIONALITY OF MITREid OR MITRE EXTERNAL IDENTITY FEDERATION OR ANY INFORMATION OR SERVICES COMPRISING OR RELATED TO MITREid OR MITRE EXTERNAL IDENTITY FEDERATION. IN NO EVENT WILL THE MITRE CORPORATION BE LIABLE FOR ANY GENERAL, CONSEQUENTIAL, INDIRECT, INCIDENTAL, EXEMPLARY, OR SPECIAL DAMAGES, EVEN IF MITRE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.','Reserved')
INSERT INTO CARD VALUES(9,'The MITRE External Identity Federation Certification Policy','Certification is a material consideration favoring the System Operator decision on inclusion of parties to a White List, but is neither required nor sufficient.','Reserved for legal text.','White Listed Identity Providers have their Trust Root for OpenID 2.0 or Issuer for OpenID Connect reflected in the Relying Party.')
INSERT INTO CARD VALUES(10,'Grey List Policy','Grey Listed sites include any Identity Provider or Relying Party that implements the standards in Section 3 and that has not been added to a White List or Black List by the System Operator. Any Grey Listed Relying Party may accept a Derived Federated Credential from any User and any User may use a Derived Federated Credential to access the site of any Grey Listed Relying Party. If an Identity Provider is Grey Listed, then the Relying Party makes the decision on a per use or other basis whether to accept and rely upon credentials issued by that Identity Provider. If a Relying Party is on a Grey List then the User makes the decision whether to authorize the use of their Derived Federated Credential to access the Relying Party site.','legal text placeholder','No additional configuration is required for any Grey List site or service.')
INSERT INTO CARD VALUES(11,'White List Policy','The System Operator, by approval of or delegated authority by the Policy Authority, may add a Relying Party site to the MITREid White List, thereby allowing automated authorization for MITRE Users.','reserved','3.3.2. White Listed Identity Providers White Listed Identity Providers have their Trust Root for OpenID 2.0 or Issuer for OpenID Connect reflected in the Relying Party. 3.3.3. White Listed Relying Parties White Listed Relying Parties have their Trust Root for OpenID 2.0 and/or their Client ID for OpenID Connect configured in the Relying Party system.')
INSERT INTO CARD VALUES(12,'Black List Policy','The System Operator may determine whether a site is in violation of these rules or otherwise disapproved for federation, and upon such determination may add that site to the MITREid Black List, thereby preventing a MITRE User from using their Derived Federated Credential to access such site and preventing Derived Federated Credentials from Black Listed Identity Providers from being used to access MITRE Relying Party sites under this Trust Framework.','reserved','3.3.4. Black Listed Identity Providers Black Listed Identity Providers have their Trust Root for OpenID 2.0 or Issuer for OpenID Connect configured to be denied in Relying Party system. 3.3.5. Black Listed Relying Parties Black Listed Relying Party\u2019s have their Trust Root for OpenID 2.0 and their redirect URI for OpenID Connect configured to be denied in the Relying Party system.')
INSERT INTO TAG VALUES(1,'PolicyAuthorityParty')
INSERT INTO TAG VALUES(2,'SystemEndpoint')
INSERT INTO TAG VALUES(3,'ExecutiveOfficer')
INSERT INTO TAG VALUES(4,'TrustFrameworkSystemRoles')
INSERT INTO TAG VALUES(5,'SystemOperator')
INSERT INTO TAG VALUES(6,'RelyingParty')
INSERT INTO TAG VALUES(7,'TrustFramework')
INSERT INTO TAG VALUES(8,'IdentityTrustFramework')
INSERT INTO TAG VALUES(9,'Liability')
INSERT INTO TAG VALUES(10,'Certification')
INSERT INTO TAG VALUES(11,'SystemRoles')
INSERT INTO TAG VALUES(12,'Roles')
INSERT INTO TAG VALUES(13,'Scope')
INSERT INTO TAG VALUES(14,'IdentityProvider')
INSERT INTO TAG VALUES(15,'UserAuthority')
INSERT INTO TAG VALUES(16,'WhiteList')
INSERT INTO TAG VALUES(17,'BlackList')
INSERT INTO TAG VALUES(18,'GreyList')
INSERT INTO TAG VALUES(19,'SLA')
INSERT INTO TAG VALUES(20,'Logging')
INSERT INTO TAG VALUES(21,'Audit')
INSERT INTO TAG VALUES(22,'User')
INSERT INTO DEPENDENCY VALUES(5,3,'Policy Authority')
INSERT INTO DEPENDENCY VALUES(6,3,'Relying Party')
INSERT INTO DEPENDENCY VALUES(10,1,'Scope')
INSERT INTO DEPENDENCY VALUES(11,1,'Liability')
INSERT INTO DEPENDENCY VALUES(12,1,'Roles')
INSERT INTO DEPENDENCY VALUES(14,1,'Certification')
INSERT INTO DEPENDENCY VALUES(15,3,'Identity Provider')
INSERT INTO DEPENDENCY VALUES(16,3,'User Authority')
INSERT INTO DEPENDENCY VALUES(17,1,'White List')
INSERT INTO DEPENDENCY VALUES(18,1,'Grey List')
INSERT INTO DEPENDENCY VALUES(19,1,'Black List')
INSERT INTO DEPENDENCY VALUES(20,1,'Service Level Agreement')
INSERT INTO DEPENDENCY VALUES(21,1,'Record Keeping and Reporting')
INSERT INTO DEPENDENCY VALUES(22,11,'Administrator of the white list')
INSERT INTO DEPENDENCY VALUES(24,12,'Administrator of the black list')
INSERT INTO DEPENDENCYTAGS VALUES(6,6)
INSERT INTO DEPENDENCYTAGS VALUES(10,13)
INSERT INTO DEPENDENCYTAGS VALUES(11,9)
INSERT INTO DEPENDENCYTAGS VALUES(12,12)
INSERT INTO DEPENDENCYTAGS VALUES(14,10)
INSERT INTO DEPENDENCYTAGS VALUES(5,1)
INSERT INTO DEPENDENCYTAGS VALUES(15,14)
INSERT INTO DEPENDENCYTAGS VALUES(16,15)
INSERT INTO DEPENDENCYTAGS VALUES(17,16)
INSERT INTO DEPENDENCYTAGS VALUES(18,18)
INSERT INTO DEPENDENCYTAGS VALUES(19,17)
INSERT INTO DEPENDENCYTAGS VALUES(20,19)
INSERT INTO DEPENDENCYTAGS VALUES(21,21)
INSERT INTO DEPENDENCYTAGS VALUES(21,20)
INSERT INTO DEPENDENCYTAGS VALUES(22,5)
INSERT INTO DEPENDENCYTAGS VALUES(24,5)
INSERT INTO PROVIDES VALUES(5,2)
INSERT INTO PROVIDES VALUES(1,8)
INSERT INTO PROVIDES VALUES(8,9)
INSERT INTO PROVIDES VALUES(2,13)
INSERT INTO PROVIDES VALUES(3,12)
INSERT INTO PROVIDES VALUES(4,14)
INSERT INTO PROVIDES VALUES(5,14)
INSERT INTO PROVIDES VALUES(4,2)
INSERT INTO PROVIDES VALUES(9,10)
INSERT INTO PROVIDES VALUES(6,19)
INSERT INTO PROVIDES VALUES(7,21)
INSERT INTO PROVIDES VALUES(7,20)
INSERT INTO PROVIDES VALUES(10,18)
INSERT INTO PROVIDES VALUES(11,16)
INSERT INTO PROVIDES VALUES(12,17)
--------------------------------------------------------------------------------
/dtf-webapp/src/main/resources/keystore.jwks:
--------------------------------------------------------------------------------
{
  "keys": [
    {
      "alg": "RSA256",
      "d": "GIW2b3-ig8rk-Pm3cD5VqRSxtKBJfNhuBCSNe1N6-_kGrk3M5MWgqEbJCzdoZz8M8fclE8sV11b9_-iQx2iVjaw77gHsGe-IUucSNEeW2VtvbpvgCklw-B3CathBMOuHzqCbafj-J6zJ9uxGUFhgUKkLWZJ1iSuIw7WfKoBx_jU",
      "e": "AQAB",
      "n": "qYJqXTXsDroPYyQBBmSolK3bJtrSerEm-nrmbSpfn8Rz3y3oXLydvUqj8869PkcEzoJIY5Xf7xDN1Co_qyT9qge-3C6DEwGVHXOwRoXRGQ_h50Vsh60MB5MIuDN188EeZnQ30dtCTBB9KDTSEA2DunplhwLCq4xphnMNUaeHdEk",
      "kty": "RSA",
      "kid": "rsa1"
    }
  ]
}
Note on this file: the "d" member is the RSA private exponent, so this is a private key checked into the repository, and a 1024-bit one (the modulus decodes to 128 bytes); "RSA256" is also not a registered JWS algorithm identifier, the RSASSA-PKCS1-v1_5 with SHA-256 name is "RS256".
--------------------------------------------------------------------------------
/dtf-webapp/src/main/resources/log4j.xml:
--------------------------------------------------------------------------------
[XML content not preserved in this extract]
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/META-INF/context.xml:
--------------------------------------------------------------------------------
[XML content not preserved in this extract]
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/application-context.xml:
--------------------------------------------------------------------------------
[XML content not preserved in this extract]
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/application.properties:
--------------------------------------------------------------------------------
idp.url=http://localhost:8080/openid-connect-server/
admin.iss=http://localhost:8080/openid-connect-server/
admin.sub=subject-12345
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/data-context.xml:
--------------------------------------------------------------------------------
[XML content not preserved in this extract]
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/jpa-config.xml:
--------------------------------------------------------------------------------
[XML content not preserved in this extract]
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/local-config.xml:
--------------------------------------------------------------------------------
[XML content not preserved in this extract]
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/resources/css/trust.css:
--------------------------------------------------------------------------------
/*
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
*/
/*
    Created on : Aug 15, 2014, 2:01:36 PM
    Author     : bkeyes
*/
body {
    margin: 40px;
}

.panel-info {
    background: #FAFAFC;
    width: 500px;
    border: solid 2px;
    margin: 20px;
}

.editableDependency {
    margin: 5px;
    border: dotted black 2px;
}

.provides {
    margin: 5px;
    margin-bottom: 10px;
}

.providesTag {
    border: solid 1px;
    margin: 1px;
}

.tab-content {
    border-left: 1px solid #ddd;
    border-right: 1px solid #ddd;
    border-bottom: 1px solid #ddd;
    padding: 10px;
    background-color: white;
}

.nav-tabs {
    margin-bottom: 0;
    cursor: pointer;
}

.glyphicon {
    cursor: pointer;
}

.candidateCard {
    margin-left: 20px;
    cursor: pointer;
}

.dependency {
    display: inline-block;
    padding: 6px 12px;
    margin-bottom: 0;
    font-size: 14px;
    font-weight: normal;
    line-height: 1.42857143;
    text-align: center;
    white-space: nowrap;
    vertical-align: middle;
    border: 1px solid transparent;
    border-radius: 4px;
    color: #333;
    background-color: #fff;
    border-color: #ccc;
}

[contenteditable] {
    border: 1px dotted black;
    background-color: white;
    min-height: 20px;
}
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/resources/js/trust.js:
--------------------------------------------------------------------------------
var trustFrameworkApp = angular.module('trustFrameworkApp', [ 'ngRoute', 'customControl', 'trustControllers', 'ui.bootstrap' ]);

trustFrameworkApp.config(function($routeProvider) {
    // ngRoute takes the first registered route that matches, so the literal
    // '/card/new' must be registered before the '/card/:cardId' pattern or
    // '/card/new' would be handled by cardCtrl with cardId === 'new'.
    $routeProvider.when('/instance-builder', {
        templateUrl : "templates/instance-builder.html",
        controller : "instanceCtrl"
    }).when('/login', {
        templateUrl : "templates/login.jsp",
        controller : "loginCtrl"
    }).when('/card', {
        templateUrl : "templates/all-cards.html",
        controller : "instanceCtrl"
    }).when('/card/new', {
        templateUrl : 'templates/new-card.html',
        controller : "newCardCtrl"
    }).when('/card/:cardId', {
        templateUrl : 'templates/card.html',
        controller : "cardCtrl"
    }).otherwise({
        template : 'Nothing to see here. Login or choose from one of the links.'
    });
});

angular.module('customControl', ['ngSanitize']).
    directive('contenteditable', ['$sce', function($sce) {
        return {
            restrict: 'A', // only activate on element attribute
            require: '?ngModel', // get a hold of NgModelController
            link: function(scope, element, attrs, ngModel) {
                if (!ngModel) return; // do nothing if no ng-model

                // Specify how UI should be updated: the model value is handed to
                // $sce as trusted HTML and written straight into the element.
                ngModel.$render = function() {
                    element.html($sce.getTrustedHtml(ngModel.$viewValue || ''));
                };

                // Listen for change events to enable binding
                element.on('blur keyup change', function() {
                    scope.$apply(read);
                });
                read(); // initialize

                // Write data to the model. The $setViewValue call is commented
                // out, so edits made in the element never reach the model.
                function read() {
                    var html = element.html();
                    // When we clear the content editable the browser leaves a <br> behind
                    // If strip-br attribute is provided then we strip this out
                    if ( attrs.stripBr && html == '<br>' ) {
                        html = '';
                    }
                    //ngModel.$setViewValue(html);
                }
            }
        };
    }]);

trustFrameworkApp.factory('trustServices', function() {
    var date = new Date();
    var error = "";

    return {
        // returns the set of cards that satisfy the input dependency, i.e. every
        // card whose providesTags is a superset of the dependency's tags
        getCandidateCards : function(cards, dependency) {
            var candidates = [];
            for (var i = 0; i < cards.length; i++) {
                var currentCard = cards[i];
                var isSuperset = dependency.tags.every(function(val) {
                    return tagIndexOf(currentCard.providesTags, val) >= 0;
                });
                if (isSuperset) {
                    candidates.push(cards[i]);
                }
            }
            return candidates;
        }
    };
});

var trustControllers = angular.module('trustControllers', []);

// Controller for editing card functionality.
trustControllers.controller('cardCtrl', [ '$scope', 'trustServices', '$http', '$routeParams',
    function($scope, trustServices, $http, $routeParams) {
        $http.get('./card/' + $routeParams.cardId).success(function(data) {
            $scope.card = data;
            $scope.card.businessSelected = true;
        }).error(function(data) {
            $scope.error = data;
        });

        $http.get('./tag').success(function(data) {
            $scope.allTags = data;
        }).error(function(data) {
            $scope.error = data;
        });

        $scope.addNewTag = function() {
            $http({
                url : './tag/new',
                method : 'POST',
                data : $scope.newTag,
                headers : {
                    'Content-Type' : 'application/json'
                }
            }).success(function(data) {
                $scope.newTag = data.name;
            });
        };

        $scope.removeProvidesTag = function(index) {
            $scope.card.providesTags.splice(index, 1);
        };

        $scope.addNewDependency = function() {
            $scope.card.dependencies.push({"id":0,"description":"description placeholder","tags":[]});
        };

        $scope.removeDependency = function(index) {
            $scope.card.dependencies.splice(index, 1);
        };

        $scope.removeDependencyTag = function(dependencyIndex, tagIndex) {
            $scope.card.dependencies[dependencyIndex].tags.splice(tagIndex, 1);
        };

        $scope.updateCard = function() {
            $http({
                url : './card/' + $routeParams.cardId,
                method : 'PUT',
                data : $scope.card,
                headers : {
                    'Content-Type' : 'application/json'
                }
            }).success(function(data) {
                $scope.card = data;
            });
        };

    } ]);

trustControllers.controller('newCardCtrl', ['$scope', 'trustServices', '$http',
    function($scope, trustServices, $http) {
        $http.get('./card/new').success(function(data) {
            $scope.card = data;
            $scope.card.businessSelected = true;
        }).error(function(data) {
            $scope.error = data;
        });

        $http.get('./tag').success(function(data) {
            $scope.allTags = data;
        }).error(function(data) {
            $scope.error = data;
        });

        $scope.addNewTag = function() {
            $http({
                url : './tag/new',
                method : 'POST',
                data : $scope.newTag,
                headers : {
                    'Content-Type' : 'application/json'
                }
            }).success(function(data) {
                $scope.newTag = data;
            });
        };

        $scope.saveNewCard = function() {
            $http({
                url : './card/new',
                method : 'POST',
                data : $scope.card,
                headers : {
                    'Content-Type' : 'application/json'
                }
            }).success(function(data) {
                $scope.card = data;
            });
        };

        $scope.removeProvidesTag = function(index) {
            $scope.card.providesTags.splice(index, 1);
        };

        $scope.removeDependency = function(index) {
            $scope.card.dependencies.splice(index, 1);
        };

        $scope.removeDependencyTag = function(dependencyIndex, tagIndex) {
            $scope.card.dependencies[dependencyIndex].tags.splice(tagIndex, 1);
        };
    }]);

trustControllers.controller('instanceCtrl', [ '$scope', 'trustServices', '$http',
    function($scope, trustServices, $http) {

        $scope.cards = [];
        $scope.instanceCards = [];
        $scope.instance = [];

        $http.get('./card').success(function(data) {
            $scope.cards = data;
            $scope.instanceCards.push(data[0]); // TODO make this intelligently choose root cards
            $scope.addJsonInstanceCard(data[0], "");
        }).error(function(data) {
            $scope.error = data;
        });

        $scope.getCandidateCards = function(dependency) {
            return trustServices.getCandidateCards($scope.cards, dependency);
        };

        $scope.postInstance = function() {
            $http({
                url : './instance',
                method : 'POST',
                data : $scope.instance,
                headers : {
                    'Content-Type' : 'application/json'
                }
            }).success(function(data) {
                $scope.instance = data;
            });
        };

        // Finds the instance entry ({id, parent, children}) for a card, or ""
        // when absent. The earlier for-in loop iterated array indices rather
        // than entries and returned on the first iteration, so it never found
        // anything; an index loop over the array is the intended lookup.
        $scope.getJsonInstanceCard = function(card) {
            if (!card) {
                return "";
            }
            for (var i = 0; i < $scope.instance.length; i++) {
                if ($scope.instance[i].id === card.id) {
                    return $scope.instance[i];
                }
            }
            return ""; // not found
        };

        $scope.addJsonInstanceCard = function(card, parent) {
            var jic = {};
            var parentjic = $scope.getJsonInstanceCard(parent);
            if (parentjic) {
                jic = {
                    "id" : card.id,
                    "parent" : parentjic.id,
                    "children" : []
                };
                parentjic.children.push(card.id);
            }
            $scope.instance.push(jic);
        };

    } ]);

trustControllers.controller('loginCtrl', [ '$scope',
    function($scope) {
        $scope.setLocalhost = function() {
            $scope.identifier = 'http://localhost:8080/openid-connect-server-webapp/';
        };

        $scope.setMitreidOrg = function() {
            $scope.identifier = 'user@mitreid.org';
        };
    }]);

// returns index of a tag in an array of tag objects, or -1 if not found
function tagIndexOf(tags, searchTag) {
    for (var i = 0; i < tags.length; i++) {
        if (tags[i].id === searchTag.id)
            return i;
    }
    return -1;
}
--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/WEB-INF/servlet-context.xml:
--------------------------------------------------------------------------------
[Spring bean definitions not preserved in this extract. The values that survived are the property file path /WEB-INF/application.properties, repeated OpenID Connect client scope lists (openid, email, address, profile, phone) and the client redirect URI http://localhost:8080/dynamic-trust-framework/openid_connect_login; the file is cut off mid-way.]
phone 317 | 318 | 319 | 320 | 321 | 322 | http://localhost:8080/dynamic-trust-framework/openid_connect_login 323 | 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | 332 | 333 | 334 | openid 335 | email 336 | address 337 | profile 338 | phone 339 | 340 | 341 | 342 | 343 | 344 | http://localhost:8080/dynamic-trust-framework/openid_connect_login 345 | 346 | 347 | 348 | 349 | 355 | 362 | 363 | 364 | 365 | 370 | 371 | 372 | 373 | 374 | 378 | 379 | 380 | 381 | 382 | 387 | 388 | 391 | 392 | 393 | 396 | 397 | 398 | 399 | 400 | 403 | 404 | 405 | 406 | 407 | 408 | 409 | 410 | 411 | 412 | 413 | 414 | 415 | 416 | 421 | 422 | 425 | 426 | 427 | 428 | 432 | 433 | 434 | 435 | 436 | 437 | 438 | 439 | 440 | 441 | 442 | 445 | 446 | 447 | 448 | 449 | 450 | 451 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 9 | 12 | Archetype Created Web Application 13 | 14 | 16 | 17 | contextConfigLocation 18 | 19 | /WEB-INF/application-context.xml 20 | 21 | 22 | 23 | 24 | 25 | org.springframework.web.context.ContextLoaderListener 26 | 27 | 28 | 29 | dtf 30 | org.springframework.web.servlet.DispatcherServlet 31 | 32 | contextConfigLocation 33 | /WEB-INF/servlet-context.xml 34 | 35 | 1 36 | 37 | 38 | 39 | dtf 40 | / 41 | 42 | 43 | 44 | springSecurityFilterChain 45 | org.springframework.web.filter.DelegatingFilterProxy 46 | 47 | contextAttribute 48 | org.springframework.web.servlet.FrameworkServlet.CONTEXT.dtf 49 | 50 | 51 | 52 | 53 | springSecurityFilterChain 54 | /* 55 | 56 | 57 | 58 | 59 | index.jsp 60 | 61 | 62 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="security" 2 | uri="http://www.springframework.org/security/tags"%> 3 | <%@ page language="java" 
contentType="text/html; charset=UTF-8" 4 | pageEncoding="UTF-8"%> 5 | 6 | 7 | 8 | 10 | 11 | 12 | 14 | 16 | 18 | 20 | 22 | 24 | 26 | 27 | 28 | Dynamic Trust Framework Webapp 29 | 30 | 31 |

Dynamic Trust Framework Webapp

32 | 33 |
34 |

35 | 36 | You are currently logged 37 | in. 38 | 39 |

47 | 48 | 49 | 50 | You are NOT 51 | currently logged in. 52 | 53 |
54 |

55 |
56 |
57 |

58 |
59 | 60 |
61 | 62 | 63 | -------------------------------------------------------------------------------- /dtf-webapp/src/main/webapp/templates/all-cards.html: -------------------------------------------------------------------------------- 1 |
[The HTML markup of this template was stripped during extraction. Recoverable text: heading "All Cards"; for each card, a "Provides:" list rendering {{tag.name}} and a "Depends on:" list.]

--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/templates/card.html:
--------------------------------------------------------------------------------
[The HTML markup of this template was stripped during extraction. Recoverable text: heading "Edit Card"; a "Provides:" section listing {{tag.name}}; a "Depends on:" section with a "Remove" control for each dependency and a {{tag.name}} list per dependency.]

--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/templates/instance-builder.html:
--------------------------------------------------------------------------------
[The HTML markup of this template was stripped during extraction. Recoverable text: heading "Instance Builder"; for each card, a "Provides:" list of {{tag.name}} and a "Depends on:" section; each dependency shows its required {{tag.name}} tags, a "Select a card:" prompt and the chosen card as {{dependency.chosenCard.title}}.]

--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/templates/login.jsp:
--------------------------------------------------------------------------------
<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="security"
	uri="http://www.springframework.org/security/tags"%>
[The HTML markup of this page was stripped during extraction. Recoverable text: heading "Log In", followed by the paragraph below; the login form itself is lost.]
Use this page to log in by entering an issuer URI or a webfinger identifier. Use the buttons to pre-fill the form with a known identifier.

--------------------------------------------------------------------------------
/dtf-webapp/src/main/webapp/templates/new-card.html:
--------------------------------------------------------------------------------
[The HTML markup of this template was stripped during extraction. Recoverable text: heading "Create a New Card"; bindings {{card.title}}, {{card.businessTxt}}, {{card.legalTxt}} and {{card.technicalTxt}}; a "Provides:" section listing {{tag.name}}; a "Depends on:" section showing {{dependency.description}} and, under "Required tags:", a {{tag.name}} list per dependency.]

--------------------------------------------------------------------------------
/dtf-webapp/src/test/config/application-context.xml:
--------------------------------------------------------------------------------
[XML content stripped during extraction; nothing recoverable.]

--------------------------------------------------------------------------------
/dtf-webapp/src/test/config/data-context.xml:
--------------------------------------------------------------------------------
[XML content stripped during extraction; nothing recoverable.]

--------------------------------------------------------------------------------
/dtf-webapp/src/test/config/jpa-config.xml:
--------------------------------------------------------------------------------
[XML content stripped during extraction; nothing recoverable.]

--------------------------------------------------------------------------------
/dtf-webapp/src/test/java/org/mitre/dtf/repository/JpaCardRepositoryTest.java:
--------------------------------------------------------------------------------
package org.mitre.dtf.repository;

import static org.junit.Assert.*;
import static org.mitre.dtf.test.TestData.*;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.dtf.model.Card;
import org.mitre.dtf.model.Dependency;
import org.mitre.dtf.model.Tag;
import org.mitre.dtf.test.TestData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

/**
 * WARNING: This unit test currently uses actual application context for testing.
 * This may have undesirable results on your persistent data store.
 *
 * Unit testing of JpaCardRepository class. These tests make some assumptions
 * about the initial state of the db as scripted in the Card.sql resource file.
 *
 * @author wkim
 *
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("file:src/main/webapp/WEB-INF/application-context.xml")
public class JpaCardRepositoryTest {

	@Autowired
	CardRepository cardRepository;

	@Before
	public void setUp() {
		TestData.initialize();
	}

	@Test
	public void testInitialState() {

		Set<Card> cards = cardRepository.getAll();

		assertTrue(cards.size() == 6);
	}

	@Test
	public void testRoundTrip() {

		Card testCard = new Card();
		testCard.setTitle("New Card!");
		testCard.setProvidesTags(new HashSet<Tag>());
		testCard.setDependencies(new ArrayList<Dependency>());
		testCard.setId(0L);

		assertFalse(cardRepository.getAll().contains(testCard)); // should not exist in the repository already

		cardRepository.save(testCard);
		testCard.setId(7L); // card in db should have been autogenerated an id of 7

		Card result = cardRepository.getById(7L);
		Set<Card> allCards = cardRepository.getAll();

		assertEquals(testCard, result);
		assertTrue(allCards.contains(testCard));

	}

	@Test
	public void testDependencies() {

		Card c = cardRepository.getById(1);
		List<Dependency> dependencies = c.getDependencies();

		assertTrue(dependencies.size() == 3);
		assertTrue(dependencies.contains(DEPENDENCY1));
		assertTrue(dependencies.contains(DEPENDENCY2));
		assertTrue(dependencies.contains(DEPENDENCY3));
	}

	@Test
	public void testProvides() {

		Card c = cardRepository.getById(2);
		Set<Tag> tags = c.getProvidesTags();

		assertTrue(tags.size() == 1);
		assertTrue(tags.contains(TAG2));
	}

}

--------------------------------------------------------------------------------
/dtf-webapp/src/test/java/org/mitre/dtf/repository/JpaInstanceRepositoryTest.java:
--------------------------------------------------------------------------------
package org.mitre.dtf.repository;

import static org.junit.Assert.*;
import static org.mitre.dtf.test.TestData.*;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.dtf.model.Instance;
import org.mitre.dtf.test.TestData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

/**
 * WARNING: This unit test currently uses actual application context for testing.
 * This may have undesirable results on your persistent data store.
 *
 * @author wkim
 *
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("file:src/main/webapp/WEB-INF/application-context.xml")
public class JpaInstanceRepositoryTest {

	@Autowired
	InstanceRepository instanceRepository;

	// test data comes from the static import of TestData.java

	@Before
	public void setUp() throws Exception {
		TestData.initialize();
	}

	@Test
	public void testRoundTrip() {
		instanceRepository.save(INSTANCE1);
		Instance result = instanceRepository.getById(1);
		assertEquals(INSTANCE1, result);
	}

}

--------------------------------------------------------------------------------
/dtf-webapp/src/test/java/org/mitre/dtf/test/TestData.java:
--------------------------------------------------------------------------------
package org.mitre.dtf.test;

import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashSet;

import org.mitre.dtf.model.Card;
import org.mitre.dtf.model.CardNode;
import org.mitre.dtf.model.Dependency;
import org.mitre.dtf.model.Instance;
import org.mitre.dtf.model.Tag;
import org.springframework.http.MediaType;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;

/**
 * Class for storing unit test data in one place.
 * The initialize() method should be called before variables from here are used.
 * @author wkim
 *
 */
public final class TestData {

	/*
	 * See src/resources/db/*.sql files for expected initial data.
	 */

	// test data
	public static final Card CARD1 = new Card();
	public static final Card CARD2 = new Card();

	public static final Dependency DEPENDENCY1 = new Dependency("Supporting Executive Officer");
	public static final Dependency DEPENDENCY2 = new Dependency("Policy Authority Party");
	public static final Dependency DEPENDENCY3 = new Dependency("System Endpoint");
	public static final Dependency DEPENDENCY4 = new Dependency("Trust Framework System Roles");

	public static final Tag TAG1 = new Tag("ExecutiveOfficer");
	public static final Tag TAG2 = new Tag("PolicyAuthorityParty");
	public static final Tag TAG3 = new Tag("SystemEndpoint");
	public static final Tag TAG4 = new Tag("TrustFrameworkSystemRoles");

	public static final CardNode CARDNODE1 = new CardNode();
	public static final CardNode CARDNODE2 = new CardNode();
	public static final Instance INSTANCE1 = new Instance();

	public static final MediaType APPLICATION_JSON_UTF8 = new MediaType(MediaType.APPLICATION_JSON.getType(),
			MediaType.APPLICATION_JSON.getSubtype(),
			Charset.forName("utf8")
			);

	public static void initialize() {
		TAG1.setId(3L);
		TAG2.setId(1L);
		TAG3.setId(2L);
		TAG4.setId(4L);

		DEPENDENCY1.setId(1L);
		DEPENDENCY1.setCard(CARD1);
		DEPENDENCY1.setTags(Sets.newHashSet(TAG1));
		DEPENDENCY2.setId(2L);
		DEPENDENCY2.setCard(CARD1);
		DEPENDENCY2.setTags(Sets.newHashSet(TAG2));
		DEPENDENCY3.setId(3L);
		DEPENDENCY3.setCard(CARD1);
		DEPENDENCY3.setTags(Sets.newHashSet(TAG3));
		DEPENDENCY4.setId(4L);
		DEPENDENCY4.setCard(CARD2);
		DEPENDENCY4.setTags(Sets.newHashSet(TAG4));

		CARD1.setId(1L);
		CARD1.setTitle("Trust Framework Rules Envelope");
		CARD1.setBusinessTxt("This card indicates the \"party\" and the location of the \"Trust Framework System Rules\". In theory any cards could be created in any order, but as a matter of conceptual and policy coherence, this card reflects an initialization steps providing a legal and business basis upon which selection, configuration and publishing the the other cards and corresponding rules, sytstems, services and transactions.");
		CARD1.setLegalTxt("legal text");
		CARD1.setTechnicalTxt("technical text");
		CARD1.setProvidesTags(new HashSet<Tag>());
		CARD1.setDependencies(Lists.newArrayList(DEPENDENCY1, DEPENDENCY2, DEPENDENCY3));

		CARD2.setId(2L);
		CARD2.setTitle("Policy Authority");
		CARD2.setBusinessTxt("business text");
		CARD2.setLegalTxt("legal text");
		CARD2.setTechnicalTxt("technical text");
		CARD2.setProvidesTags(Sets.newHashSet(TAG2));
		CARD2.setDependencies(Lists.newArrayList(DEPENDENCY4));

		CARDNODE1.setId(1);
		CARDNODE1.setCard(CARD1);
		CARDNODE1.setChildCardNodes(Lists.newArrayList(CARDNODE2));
		CARDNODE1.setInstance(INSTANCE1);
		CARDNODE2.setId(2);
		CARDNODE2.setCard(CARD2);
		CARDNODE2.setParentCardNode(CARDNODE1);
		CARDNODE2.setChildCardNodes(new ArrayList<CardNode>());
		CARDNODE2.setInstance(INSTANCE1);

		INSTANCE1.setId(1L);
		INSTANCE1.setName("First Instance");
		INSTANCE1.setRootCardNode(CARDNODE1);
		INSTANCE1.setCardNodeTree(Sets.newHashSet(CARDNODE1, CARDNODE2));

	}
}

--------------------------------------------------------------------------------
/modular-provisions/CertificationTXT.md:
--------------------------------------------------------------------------------
Title: Certification

BusinessTxt: Certification is a material consideration favoring the System Operator decision on inclusion of parties to a White List, but is neither required nor sufficient.

The MITRE External Identity Federation Certification is available at https://kantarainitiative.org/trust-registry/ktr-status-list and is comprised as follows:

MITREid OpenID 2.0
Contact: Justin Richer
jricher@mitre.org

Type: Credential Service Provider – Full

LoA: 1

Conditions: None

Jurisdiction: USA

Additional Criteria:

US ICAM OpenID 2.0 Deployment Profile

IAF US Federal Additional Privacy Criteria

Grant ID: IAF-Approval-13.01-KI

Grant Date:

New: June 27, 2013

Renewal: June 2014

Expire: June 2016

LegalTxt: Reserved

TechnicalTxt: Reserved

Provide: Reserved

Depends: System Operator

Source:

--------------------------------------------------------------------------------
/modular-provisions/ExecutiveOfficerTXT.md:
--------------------------------------------------------------------------------
Title: Executive

BusinessTxt: An Executive includes any Director, Vice President, Senior Vice President, President or Chief Executive Officer of the MITRE Corporation.

LegalTxt: Reserved

TechnicalTxt: Reserved

CommentsTxt: Reserved

Provide: Reserved

Depends: Party

Source: Reserved

--------------------------------------------------------------------------------
/modular-provisions/LiabilityTxt.md:
--------------------------------------------------------------------------------
Title: Liability Text

BusinessTxt: Reserved

LegalTxt: THE MITRE MAKES NO WARRANTY, EXPRESS OR IMPLIED, AS TO THE ACCURACY, CAPABILITY, EFFICIENCY, MERCHANTABILITY, OR FUNCTIONALITY OF MITREid OR MITRE EXTERNAL IDENTITY FEDERATION OR ANY INFORMATION OR SERVICES COMPRISING OR RELATED TO MITREid OR MITRE EXTERNAL IDENTITY FEDERATION. IN NO EVENT WILL THE MITRE BE LIABLE FOR ANY GENERAL, CONSEQUENTIAL, INDIRECT, INCIDENTAL, EXEMPLARY, OR SPECIAL DAMAGES, EVEN IF MITRE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

ANY NON-MITRE PARTY SUBJECT TO THIS TRUST FRAMEWORK AGREES TO INDEMNIFY AND HOLD HARMLESS MITRE, ITS AFFILIATES AND SUBSIDIARIES, AND THEIR RESPECTIVE DIRECTORS OR TRUSTEES, OFFICERS, EMPLOYEES AND AGENTS FROM ANY AND ALL INJURIES, LOSSES, CLAIMS AND DAMAGES TO ANY PERSON OR PROPERTY UNDER ANY THEORY OF LIABILITY AND IRRESPECTIVE OF THE CAUSE OF SAID LIABILITY, AND ALL COSTS AND EXPENSES INCLUDING WITHOUT LIMITATION, ATTORNEYS' FEES AND ANY OTHER LIABILITIES INCURRED BY MITRE AS A RESULT OF ANY NEGLIGENT OR WILLFUL ACTION OR OMISSION OF SUCH PARTY, HIS/HER EMPLOYEES OR AGENTS, OR ARISING OUT OF OR RESULTING IN ANY MANNER IN WHOLE OR IN PART FROM THE SUCH PARTY’S USE OF OR RELIANCE UPON MITREid OR MITRE EXTERNAL IDENTITY FEDERATION OR ANY INFORMATION OR SERVICES COMPRISING OR RELATED TO MITREid OR MITRE EXTERNAL IDENTITY FEDERATION.

TechnicalTxt: Reserved

Provide: Reserved

Depends: Policy Authority

Source: https://github.com/mitreid-connect/trust-framework/blob/9e4d41554d151ed2679c736008b606c34e982569/TrustFramework.md#23-liability-warranties-and-indemnification

--------------------------------------------------------------------------------
/modular-provisions/README.md:
--------------------------------------------------------------------------------
Read me coming soon...

--------------------------------------------------------------------------------
/modular-provisions/RoleTXT.md:
--------------------------------------------------------------------------------
Title: Roles

BusinessTxt: The following Roles exist within this system.

LegalTxt: Reserved

TechnicalTxt: Reserved

Provide: Policy Authority; System Operator; Identity Provider; User Authority; User; Relying Party; Certification Assessor; Executive

Depends: Policy Authority

Source: https://github.com/mitreid-connect/trust-framework/blob/9e4d41554d151ed2679c736008b606c34e982569/TrustFramework.md#12-roles-and-relationships

--------------------------------------------------------------------------------
/modular-provisions/ScopeTXT.md:
--------------------------------------------------------------------------------
Title: Scope

BusinessTxt: This Trust Framework applies to the use by MITRE personnel of OpenID 2.0 and OpenID Connect as described in Section 3, collectively called MITREid. This Trust Framework also applies to all non-MITRE users who connect to MITRE systems using the MITRE External Identity Federation.

LegalTxt: Reserved

TechnicalTxt: Reserved

Provides: Reserved

Depends: Policy Authority

Source: https://github.com/mitreid-connect/trust-framework/blob/9e4d41554d151ed2679c736008b606c34e982569/TrustFramework.md#11-scope

--------------------------------------------------------------------------------
/modular-provisions/SystemOperatorTXT.md:
--------------------------------------------------------------------------------
Title: System Operator

BusinessTxt: The system operator is responsible for implementing and administering MITRE External Identity Federation use by MITRE.

LegalTxt: Reserved

TechnicalTxt: Reserved

CommentsTxt: Reserved

Provide: Party

Depends: Roles

Source: https://github.com/mitreid-connect/trust-framework/blob/9e4d41554d151ed2679c736008b606c34e982569/TrustFramework.md#122--system-operator

--------------------------------------------------------------------------------
/modular-provisions/TemplateTXT.md:
--------------------------------------------------------------------------------
Title:

BusinessTxt: Reserved

LegalTxt: Reserved

TechnicalTxt: Reserved

CommentsTxt: Reserved

Provide: Reserved

Depends: Reserved

Source: Reserved

--------------------------------------------------------------------------------