incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "AmberProposal" by JeanFredericClere
Date Mon, 03 May 2010 09:11:57 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "AmberProposal" page has been changed by JeanFredericClere.
http://wiki.apache.org/incubator/AmberProposal?action=diff&rev1=32&rev2=33

--------------------------------------------------

  = Amber =
  == Abstract ==
- The following proposal is about Apache Amber, a Java development framework mainly aimed
to build OAuth-aware applications. After a brief explanation of the OAuth protocol, the following
proposal describes how Apache Amber solves issues related to the implementation of applications
that adhere to
+ The following proposal is about Apache Amber, a Java development framework mainly aimed
to build OAuth-aware applications. After a brief explanation of the OAuth protocol, the following
proposal describes how Apache Amber solves issues related to the implementation of applications
that adhere to such specification.
- such specification.
  
  == Proposal ==
  Amber will have no or negligible dependencies and will provide both an API specification
for, and implementation of, the OAuth v1.0, v1.0a and v2.0 specifications. The API specification
will be provided as a separate JAR file allowing re-use by other developers and permits configuration:
@@ -17, +16 @@

  Amber will provide both client and server functionality, enabling developers to deploy robust
OAuth services with minimal effort.
  
  == Background ==
+ Roughly, OAuth is a mechanism that allows users to share their private resources, like photo,
videos or contacts, stored on a site with another site avoiding giving their username and
password credentials. Hence, from the user point-of-view, OAuth could be the way to improve
their experience across different applications with an enhanced privacy and security control
in a simple and standard method from desktop and web applications. The protocol was initially
developed by the oauth.net community and now is under IETF standardization process.
- Roughly, OAuth is a mechanism that allows users to share their private resources, like photo,
videos or contacts, stored on a site with another site avoiding giving their username and
password credentials.
- Hence, from the user point-of-view, OAuth could be the way to improve their experience across
different applications with an enhanced privacy and security control in a simple and standard
method from desktop and web applications.
- The protocol was initially developed by the oauth.net community and now is under IETF standardization
process.
  
  The main idea behind OAuth is represented by the token concept. Each token grants access
to a site, for a specific resource (or a group of resources), and for a precise time-interval.
The user is only required to authenticate with the Provider of their original account, after
which that entity provides a re-usable to token to the Consumer who can use it to access resources
at the Provider, on the users behalf.
  
@@ -39, +36 @@

   * asmx-oauth (on google code) - a complete open source OAuth 1.0 Consumer and Service Provider
implementation provided by Asemantics Srl (Simone Tripodi was involved).
  
  == Rationale ==
+ The key role played by the OAuth specification, within the overall Open Stack technologies,
jointly with its high degree of adoption and maturity, strongly suggest having an Apache leaded
incubator for suitable reference implementation. Furthermore, the OAuth specification is currently
gaining value due to its involvement in a standardization process within the IETF, as the
actual internet draft. Having the Apache Amber as an Apache Incubator could be an opportunity
to enforce the actual Apache projects that already reference other IETF specifications.
- The key role played by the OAuth specification, within the overall Open Stack technologies,
jointly with its high degree of adoption and maturity, strongly suggest having an Apache leaded
incubator for suitable reference implementation.
- Furthermore, the OAuth specification is currently gaining value due to its involvement in
a standardization process within the IETF, as the actual internet draft.
- Having the Apache Amber as an Apache Incubator could be an opportunity to enforce the actual
Apache projects that already reference other IETF specifications.
  
- Moreover, other Apache Projects, such as Abdera, Shindig and Wink, are currently supporting
the OAuth protocol, so having the OAuth Apache reference implementation should benefit not
only the project and the related commmunity itself, but also existing and active Apache projects.
+ Moreover, other Apache Projects, such as Abdera, Shindig and Wink, are currently supporting
the OAuth protocol, so having the OAuth Apache reference implementation should benefit not
only the project and the related commmunity itself, but also existing and active Apache projects.
Combining efforts from existing Apache projects is a logical step.
- Combining efforts from existing Apache projects is a logical step.
  
  Providing an Apache licensed library will make it easier for other Apache projects to integrate
OAuth, like, for example:
  
@@ -79, +73 @@

  The purpose of the project is to develop an implementation of OAuth v1 and OAuth v2 that
can be used by other Apache projects.
  
  = Known Risks =
- 
  == Orphaned Products ==
  Being OAuth a standard receiving a lot of interest, and being v2 an ongoing work in IETF,
we believe there is minimal risks of this work becoming non-strategic and the contributors
are confident that a larger community will form within the project in a relatively short space
of time.
  
@@ -87, +80 @@

  All of the committers have experience working in one or more open source projects inside
and outside ASF.
  
  == Homogeneous Developers ==
- The list of initial committers are geographically distributed across the U.S. and Europe
with no one company being associated with a majority of the developers.  Many of these initial
developers are experienced Apache committers already and all are experienced with working
in distributed development communities.  
+ The list of initial committers are geographically distributed across the U.S. and Europe
with no one company being associated with a majority of the developers.  Many of these initial
developers are experienced Apache committers already and all are experienced with working
in distributed development communities.
  
  == Reliance on Salaried Developers ==
  To the best of our knowledge, none of the initial committers are being paid to develop code
for this project.
@@ -97, +90 @@

  
  == A Excessive Fascination with the Apache Brand ==
  Amber fits naturally in the ASF because :
+ 
   * It is an implementation of an open standard
   * It is a server component on which many other projects can depend on
  
  = Documentation =
+ [1] More information about OAuth can be found here:<<BR>> http://www.oauth.net/
  
- [1] More information about OAuth can be found here:<<BR>>
- http://www.oauth.net/
- 
- [2] The IETF discussion about the emerging OAuth v2.0 specification is occuring on this
mailing list<<BR>>
+ [2] The IETF discussion about the emerging OAuth v2.0 specification is occuring on this
mailing list<<BR>> oauth@ietf.org
- oauth@ietf.org
  
  = Initial Source =
  The intial source comprises code developed inside Apache Labs, Apache projects (TODO) and
contributed under the CLA.
@@ -145, +136 @@

   * Pablo Fernandez <fernandezpablo85 at gmail dot com> (LinkedIn)
   * David Jencks <djencks at apache dot org> (IBM)
  
- 
- 
  = Sponsors =
- 
  == Champion ==
   * Brian McCallister <brianm at apache dot org>
  
  == Nominated Mentors ==
   * Henning Schmiedehausen <henning at apache dot org>
+  * Jean-Frederic Clere <jfclere at gmail dot com>
  
  == Sponsoring Entity ==
   * Shindig PMC - Confirmed Apr 29, 2010

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message