incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "AmberProposal" by SimoneTripodi
Date Sat, 24 Apr 2010 14:52:39 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "AmberProposal" page has been changed by SimoneTripodi.
http://wiki.apache.org/incubator/AmberProposal?action=diff&rev1=7&rev2=8

--------------------------------------------------

  Amber will provide both client and server functionality, enabling developers to deploy robust
OAuth services with minimal effort.
  
  == Background ==
- OAuth is an open protocol to allow secure API authorization in a simple and standard method
from desktop and web applications. www.oauth.net.
+ Roughly, OAuth is a mechanism that allows users to share their private resources, like photo,
videos or contacts, stored on a site with another site avoiding giving their username and
password credentials.
+ Hence, from the user point-of-view, OAuth could be the way to improve their experience across
different applications with an enhanced privacy and security control in a simple and standard
method from desktop and web applications.
+ The protocol was initially developed by the oauth.net community and now is under IETF standardization
process.
+ 
+ The main idea behind OAuth is represented by the token concept. Each token grants access
to a site, for a specific resource (or a group of resources), and for a precise time-interval.
+ 
+ Moreover, the total transparency to the user, that is completely unaware of using the protocol,
represents one of the main valuable characteristics of the specification.
+ 
+ Apache Amber community aims not just to create a simple low-level library, but rather to
provide a complete OAuth framework easy to use with Java code, on top of which users can build
new-generation killer applications.
  
  There are currently two implementation efforts going on in ASF for OAuth v1. A stable implementation
of OAuth v1 is present in Apache Shindig, but it is not actively developed and not shared
with other projects. A Lab having Simone Tripodi as its PI is working on an implementation
for an OAuth library that could be used by other products.
  
  At the same time, on the IETF OAuth v2 mailing list, other people expressed interest for
a Java API and implementation, among them two Apache committers and one active contributor.
+  
- 
- A number of Apache projects (TODO) could be interested in adopting OAuth.
  
  == Rationale ==
- OAuth is increasingly popular and as an authentication and authorization technology it will
both reassure users and benefit the project to be developed in an open source environment.
 Combining efforts from existing Apache projects is a logical step.
+ The key role played by the OAuth specification, within the overall Open Stack technologies,
jointly with its high degree of adoption and maturity, strongly suggest having an Apache leaded
incubator for suitable reference implementation.
+ Furthermore, the OAuth specification is currently gaining value due to its involvement in
a standardization process within the IETF, as the actual internet draft.
+ Having the Apache Amber as an Apache Incubator could be an opportunity to enforce the actual
Apache projects that already reference other IETF specifications.
  
+ Moreover, other Apache Projects, such as Abdera, Shindig and Wink, are currently supporting
the OAuth protocol, so having the OAuth Apache reference implementation should benefit not
only the project and the related commmunity itself, but also existing and active Apache projects.
+ Combining efforts from existing Apache projects is a logical step.
+ 
- Providing an Apache licensed library will make it easier for other Apache projects to integrate
OAuth.
+ Providing an Apache licensed library will make it easier for other Apache projects to integrate
OAuth, like, for example:
+ 
+  * It could be the foundation framework for Consumer developers;
+ 
+  * It could be the foundation Framework for Service Provider developers;
+ 
+  * It could be integrated into Apache Shindig;
+ 
+  * It could be integrated into Apache Abdera;
+ 
+  * It could be integrated into Apache Wink;
+ 
+  * It could be integrated into Spring Security;
+ 
+  * It could be integrated into Jakarta JMeter;
+ 
+  * Most importantly, it could be a backend for dozens of useful new innovative projects
that no-one has envisioned yet.
  
  = Current Status =
  Code in the Amber Lab and in Apache Shindig is already licensed to the ASF. More contributions
of code and ideas are expected from initial committers, so an implementation of OAuth v1 should
be reached quickly, and act as a base for an OAuth v2 API and implementation.

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message