Clojure in the Service of Her Majesty's Government

Rachel Newstead

Philip Potter

http://philandstuff.github.io/clojure-hmg/

GOV.UK Verify benefits

single set of credentials for all of government
services don't have to reinvent the wheel
separation of data:
- services don't get access unless you log in to them
- identity providers don't know which service you're using

Not all services fit the current GOV.UK Verify

Presidents change over time

Wands belong to club, not to president
Need to register to the club
How does the Ministry know we're a real club?
How does the Ministry know I'm really the president?

Delegation

Can I delegate wand registration to the club administrator?
Can I delegate tax affairs to my accountant?
Can I ensure my accountant can't register wands, nor my administrator claim tax rebates?

Identity Assurance for Organisations and Agents

Alpha

Can we build something that people would want to use?

The team

User research

Static HTML prototype
How do we present the concepts?
What do people need?

Architecture

Clojure service prototypes
What can we build?
Where do responsibilities lie?
What technology would help?

Introduction to web auth

eg OAuth, SAML, OpenID Connect

User requests to use service

Service redirects user to IdP with authentication request

User authenticates with IdP

IdP redirects user to service with signed response

Web auth with hub

User requests to use service

Service redirects user to Identity Hub Service with authentication request

User selects IdP

Hub redirects user to selected IdP with authentication request

User authenticates with IdP

IdP redirects user back to hub with signed response

Hub redirects user back to service with signed response

Technical questions

What would the architecture look like?

How many components are there?

How are responsibilities split?

Clojure!

Upsides

Moving quickly
JSON for OpenID Connect
JVM

Downsides

Lock-in?
Hiring?
This is a prototype

how was it using clojure for the first time?

for someone who had never used it before?

Easy to pick up
Concise
Not much code!

http requests and responses are maps


(defn app-routes [config]
  (handler/site
    (routes
      (GET "/hello/:name" [name :as request]
        (fail-> request
               (re/validate! :headers-contain "mock_authorization")
               (resp/get-header "mock_authorization")
               (say-hello name config))))))

4 of us on the team, mostly pair programming 1 had used emacs, 1 vi, 2 of us neither easier to use the same ide when you're pairing? emacs has evil mode for our vi user 2 of us would have to learn something new anyway although i’ve recently been hearing good things about cursive plugin for intellij so decided to use emacs much steeper learning curve than clojure still struggled with it by the end missed having an ide for small refactors and renames by halfway felt like it wasn't actively blocking me getting things done but also didn't feel like it was helping recommendation if you want to get moving quickly with clojure, maybe don't try to learn emacs at the same time!

how was it using clojure for the first time?

for a keen hobbyist?

what worked?

reloaded workflow


(defonce candela nil)

(defn go []
  (alter-var-root #'candela
    (constantly (jetty/run-jetty (cweb/app config)))))

(defn stop []
  (.stop candela))

(defn reset []
  (stop)
  (repl/refresh :after 'user/go))

so you define a reset function in user.clj this is loaded by default when you start the repl stops the running app reloads changed namespaces creates and starts the app again all within the same jvm so super fast the other great thing about this, that you can’t really see from this example - is that we actually ended up with about 5 different web services that we were running at once. The reloaded workflow meant that we could make a change to a bit of code that was used by more than one of the services, and by calling refresh, both would pick up the changes straightaway. definitely recommend getting this working as soon as possible, we left it quite late the only thing that was not so awesome with this, and we’ll talk more about this later is when we wanted to change something on the ui we used enlive for templating, and had jade files that produced html when a jade or html file changed on disk it was not picked up by the reloaded flow this was the only limitation we found

kerodon


(-> (session ring-app)
  (visit "/")
  (follow "login")
  (fill-in "User:" "username")
  (fill-in "Password:" "password")
  (press "Login")
  (follow-redirect)
  (has (missing? [:#no-such-element])
       "User shouldn't see the no-such-element"))


(-> (ida-session (combined-handler)
  (visit "http://wands.gov.uk/register")
  (helpers/sign-in)
  (follow "Delegate your authority")
  (visit "http://wands.gov.uk/persist-delegation"
         :request-method :post)
  (follow-redirect) ; to Identity Provider
  (press "Continue")
  (follow-redirect) ; back to service
  (check-response
    (should-redirect-to
      "http://wands.gov.uk/"))))


(defn combined-handler []
  (let [apps {"idp.com"       michie/handler
              "orch.gov.uk"   knox/handler
              "wands.gov.uk"  candela/handler
              "orgs.gov.uk"   al-kindi/handler
              "agents.gov.uk" wheatstone/handler}]
    (fn [req]
      (let [app (get apps (:server-name req)
                     default-handler)]
        (app req)))))

Source: http://www.horniman.ac.uk/collections/the-wayne-collection

experimenting with architecture

Adding a hub in the middle brings this flexibility work with multiple services work with multiple idps only need to change the hub in the middle also a layer of privacy in the middle the service doesn't need to know which idp is being used idp doesn't need to know which service is being used to the service the hub looks like an idp to the idp the hub looks like a service how gov uk verify works hub doesn't store any data just passes data around with ring and compojure it was easy to add another web service and easy to develop as we had the reloaded flow and easy to test because of the combined handler pattern

47 Plaza Street West, Brooklyn, NY designed by Rosario Candela, Wikipdeia

New York apartment block designed by Rosario Candela

Donald Michie

Al-Kindi

"the father of Arabic philosophy"

what didn't go so well?

enlive

Using static HTML prototype for templates
Auto-reloading cgrand/enlive#6

Stubbing

clj-http-fake (built on robert/hooke)
with-redefs
Joseph Wilk, Isolating External Dependencies
didn't feel able to switch to component half-way through

was it a success?

what is happening now?

Can we build something that people would want to use?

“Remember that a primary goal during the alpha is learning. We might not be ready to make the investment in creating production-ready systems. In particular, that investment might be premature if the team learns they are not solving the right problem.”

We found that the needs for organisation identity assurance are not the same across services for example, accountability. So for the wands registry service when I act on behalf of my organisation to register wands, I am accountable for any accidents that are caused by these wands. This means it’s essential that I prove to a highly assured level who I am, who my organisation is, and that I have the authority to act on behalf of this organisation For other services, e.g. registering company vehicles with DVLA, I am not accountable for anything. So if there is an accident resulting from a vehicle registered to my organisation, it does not matter who has registered the vehicle, it matters who is driving. some services need fine grained perms, others don't for example, in the wands service I can simply register wands, whereas in other services, for example an HMRC service to pay tax on behalf of my organisation, there may be some taxes I can pay, some I don’t have the authority to pay. doesn't make sense for gds to build a govt wide thing Also we found through user research that some services already have relationships established if you’re the headmaster of hogwarts and have been registering wands for ten years with the ministry of magic you don't want to suddenly prove that you have the authority to do so

https://identityassurance.blog.gov.uk/2014/10/20/identity-assurance-for-organisations-and-agents/

Clojure in the Service of Her Majesty's Government

Rachel Newstead

Philip Potter

http://philandstuff.github.io/clojure-hmg/

GOV.UK Verify benefits

Not all services fit the current GOV.UK Verify

Presidents change over time

Delegation

Identity Assurance for Organisations and Agents

Alpha

Can we build something that people would want to use?

The team

User research

Architecture

Introduction to web auth

eg OAuth, SAML, OpenID Connect

User requests to use service

Service redirects user to IdP with authentication request

User authenticates with IdP

IdP redirects user to service with signed response

Web auth with hub

User requests to use service

Service redirects user to Identity Hub Service with authentication request

User selects IdP

Hub redirects user to selected IdP with authentication request

User authenticates with IdP

IdP redirects user back to hub with signed response

Hub redirects user back to service with signed response

Technical questions

What would the architecture look like?

How many components are there?

How are responsibilities split?

Clojure!

Upsides

Downsides

how was it using clojure for the first time?

for someone who had never used it before?

http requests and responses are maps

how was it using clojure for the first time?

for a keen hobbyist?

what worked?

reloaded workflow

kerodon

experimenting with architecture

Al-Kindi

what didn't go so well?

enlive

Stubbing

was it a success?

what is happening now?

Can we build something that people would want to use?

would we use clojure for a similar project?

Links

fin

Philip Potter

@philandstuff

Rachel Newstead

@rnewstead

philandstuff.github.io/clojure-hmg