From general-return-25202-apmail-incubator-general-archive=incubator.apache.org@incubator.apache.org Wed May 05 05:45:12 2010 Return-Path: Delivered-To: apmail-incubator-general-archive@www.apache.org Received: (qmail 23965 invoked from network); 5 May 2010 05:45:09 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 5 May 2010 05:45:09 -0000 Received: (qmail 79890 invoked by uid 500); 5 May 2010 05:45:09 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 79642 invoked by uid 500); 5 May 2010 05:45:06 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 79631 invoked by uid 99); 5 May 2010 05:45:05 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 May 2010 05:45:05 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of francisdb@gmail.com designates 72.14.220.152 as permitted sender) Received: from [72.14.220.152] (HELO fg-out-1718.google.com) (72.14.220.152) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 May 2010 05:44:59 +0000 Received: by fg-out-1718.google.com with SMTP id e21so1579713fga.0 for ; Tue, 04 May 2010 22:44:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=YLgLtItj5+gFd/kusTwUL3tetujCzyzkyabA6Zly0ZI=; b=EzxpY9j9fXl0xqqLtdGN7rw9TnTKMSRO4WA5ppVk5qpWTk308thFPd8VlgRn6/RimH vXNpR/5P3uSz7HOQ7sbE5wbsMsEIcbxN9ezv1vbfDGk5OQQqfpOPCGg98mdOK4bTQwpv C00c6u7ueJvYQ5R0tArssQEqfQS7PCGmaLX2I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=GoF+juYGhEXfGcFrIyyhLJxV1yQJ0xK7SdInrp86mCNTrGvCGSs+IeqEZNt2vrlvUh n2gpWVXq8gleVvbVWraaAk8FebZYIKC33y+z6uiXrj3Htw8WOLrzCKoSJG74a0Ilv2CS Mz5LhBKm7tMn9hLqbRmzeLsHbO2jxH+hFVvwE= Received: by 10.102.216.24 with SMTP id o24mr10628596mug.67.1273038279122; Tue, 04 May 2010 22:44:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.182.4 with HTTP; Tue, 4 May 2010 22:44:19 -0700 (PDT) In-Reply-To: References: From: Francis De Brabandere Date: Wed, 5 May 2010 07:44:19 +0200 Message-ID: Subject: Re: [VOTE][PROPOSAL] Amber incubator To: general@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org +1 (non-binding) On Wed, May 5, 2010 at 1:30 AM, Paul Lindner wrote: > +1 (non-binding) > > On Tue, May 4, 2010 at 3:48 PM, Simone Gianni wrote: > >> I would like to present for a vote the following proposal to be sponsore= d >> by >> the Shindig PMC for a new "Amber" podling. =A0The goal is to build a >> community >> around delivering a OAuth v1.0, v1.0a and upcoming v2.0 API and >> implementation >> >> The proposal is available on the wiki at and included below: >> >> http://wiki.apache.org/incubator/AmberProposal >> >> [] +1 =A0to accept Amber into the Incubator >> [] =A00 =A0don't care >> [] -1 =A0object and reason why. >> >> Thanks, >> Simone Gianni >> >> --- Proposal text from the wiki --- >> >> =3D Amber =3D >> =3D=3D Abstract =3D=3D >> The following proposal is about Apache Amber, a Java development framewo= rk >> mainly aimed to build OAuth-aware applications. After a brief explanatio= n >> of >> the OAuth protocol, the following proposal describes how Apache Amber >> solves >> issues related to the implementation of applications that adhere to such >> specification. >> >> =3D=3D Proposal =3D=3D >> Amber will have no or negligible dependencies and will provide both an A= PI >> specification for, and an unconditionally compliant implementation of, t= he >> OAuth v1.0, v1.0a and v2.0 specifications. The API specification will be >> provided as a separate JAR file allowing re-use by other developers and >> permits configuration: >> >> =A0* by XML >> =A0* by the Java JAR Services "ServiceLoader" mechanism >> =A0* programmatically >> >> The API component specifies that an implementation must provide default >> classes for Provider, Consumer and Token objects making Amber easy to >> integrate with existing infrastructure and OAuth client interactions >> possible with virtually no additional configuration. The API is flexible >> enough to allow programmatic customisation or replacement of much of the >> implementation, including the default HTTP transport. >> >> Amber will provide both client and server functionality, enabling >> developers >> to deploy robust OAuth services with minimal effort. >> >> =3D=3D Background =3D=3D >> Roughly, OAuth is a mechanism that allows users to share their private >> resources, like photo, videos or contacts, stored on a site with another >> site avoiding giving their username and password credentials. Hence, fro= m >> the user point-of-view, OAuth could be the way to improve their experien= ce >> across different applications with an enhanced privacy and security cont= rol >> in a simple and standard method from desktop and web applications. The >> protocol was initially developed by the oauth.net community and now is >> under >> IETF standardization process. >> >> The main idea behind OAuth is represented by the token concept. Each tok= en >> grants access to a site, for a specific resource (or a group of resource= s), >> and for a precise time-interval. The user is only required to authentica= te >> with the Provider of their original account, after which that entity >> provides a re-usable to token to the Consumer who can use it to access >> resources at the Provider, on the users behalf. >> >> Moreover, the total transparency to the user, that is completely unaware= of >> using the protocol, represents one of the main valuable characteristics = of >> the specification. >> >> Apache Amber community aims not just to create a simple low-level librar= y, >> but rather to provide a complete OAuth framework easy to use with Java >> code, >> on top of which users can build new-generation killer applications. >> >> There are currently three implementation efforts going on in ASF for OAu= th >> v1. A stable implementation of OAuth v1 is present in Apache Shindig, bu= t >> it >> is not actively developed and not shared with other projects. A Lab havi= ng >> Simone Tripodi as its PI is working on an implementation for an OAuth >> library that could be used by other products. Zhihong Zhang wrote an OAu= th >> plugin for JMeter. >> >> At the same time, on the IETF OAuth v2 mailing list, other people expres= sed >> interest for a Java API and implementation, among them two Apache >> committers >> and one active contributor. >> >> Outside the ASF there are three known Java OAuth 1.0/1.0a libraries >> >> =A0* The oauth.net reference implementation by John Kristian, Praveen >> Alavilli >> and Dirk Balfanz. >> =A0* OAuth SignPost - a simple OAuth message signing client for Java and >> Apache HttpComponents by Matthias Kaeppler. >> =A0* OAuth Scribe - a simple OAuth client by Pablo Fernandez. >> =A0* asmx-oauth (on google code) - a complete open source OAuth 1.0 Cons= umer >> and Service Provider implementation provided by Asemantics Srl (Simone >> Tripodi was involved). >> >> =3D=3D Rationale =3D=3D >> The key role played by the OAuth specification, within the overall Open >> Stack technologies, jointly with its high degree of adoption and maturit= y, >> strongly suggest having an Apache leaded incubator for suitable referenc= e >> implementation. Furthermore, the OAuth specification is currently gainin= g >> value due to its involvement in a standardization process within the IET= F, >> as the actual internet draft. Having the Apache Amber as an Apache >> Incubator >> could be an opportunity to enforce the actual Apache projects that alrea= dy >> reference other IETF specifications. >> >> Moreover, other Apache Projects, such as Abdera, Shindig and Wink, are >> currently supporting the OAuth protocol, so having the OAuth Apache >> reference implementation should benefit not only the project and the >> related >> commmunity itself, but also existing and active Apache projects. Combini= ng >> efforts from existing Apache projects is a logical step. >> >> Providing an Apache licensed library will make it easier for other Apach= e >> projects to integrate OAuth, like, for example: >> >> =A0* It could be the foundation framework for Consumer developers; >> =A0* It could be the foundation Framework for Service Provider developer= s; >> =A0* It could be integrated into Apache Shindig; >> =A0* It could be integrated into Apache Abdera; >> =A0* It could be integrated into Apache Wink; >> =A0* It could be integrated into Spring Security; >> =A0* It could be integrated with JAAS (and be deployed in Tomcat-based >> Servlet >> Containers); >> =A0* It could be integrated into Jakarta JMeter; >> =A0* Apache Wookie (incubating) expressed interest in an OAuth >> implementation; >> =A0* Most importantly, it could be a backend for dozens of useful new >> innovative projects that no-one has envisioned yet. >> >> =3D Current Status =3D >> Code in the [[http://svn.apache.org/viewvc/labs/amber|Amber Lab]] and in >> Apache Shindig is already licensed to the ASF. More contributions of cod= e >> and ideas are expected from initial committers, so an implementation of >> OAuth v1 should be reached quickly, and act as a base for an OAuth v2 AP= I >> and implementation. >> >> =3D=3D Meritocracy =3D=3D >> As a majority of the initial project members are existing ASF committers= , >> we >> recognize the desirability of running the project as a meritocracy. =A0W= e are >> eager to engage other members of the community and operate to the standa= rd >> of meritocracy that Apache emphasizes; we believe this is the most >> effective >> method of growing our community and enabling widespread adoption. >> >> =3D=3D Community =3D=3D >> The amount of interest in the OAuth protocol from enterprises, social >> networks and individual developers suggests a strong community will deve= lop >> once the framework to support one is laid. >> >> =3D=3D Core Developers =3D=3D >> =A0* Simone Gianni (Semeru) >> =A0* Simone Tripodi (Sourcesense) >> =A0* Stuart "Pid" Williams (Clubtickets.com) >> =A0* David Recordon (Facebook) >> =A0* Tommaso Teofili (Sourcesense) >> >> =3D=3D Alignment =3D=3D >> The purpose of the project is to develop an implementation of OAuth v1 a= nd >> OAuth v2 that can be used by other Apache projects. >> >> =3D Known Risks =3D >> =3D=3D Orphaned Products =3D=3D >> Being OAuth a standard receiving a lot of interest, and being v2 an ongo= ing >> work in IETF, we believe there is minimal risks of this work becoming >> non-strategic and the contributors are confident that a larger community >> will form within the project in a relatively short space of time. >> >> =3D=3D Inexperience with Open Source =3D=3D >> All of the committers have experience working in one or more open source >> projects inside and outside ASF. >> >> =3D=3D Homogeneous Developers =3D=3D >> The list of initial committers are geographically distributed across the >> U.S. and Europe with no one company being associated with a majority of = the >> developers. =A0Many of these initial developers are experienced Apache >> committers already and all are experienced with working in distributed >> development communities. >> >> =3D=3D Reliance on Salaried Developers =3D=3D >> To the best of our knowledge, none of the initial committers are being p= aid >> to develop code for this project. >> >> =3D=3D Relationships with Other Apache Products =3D=3D >> A number of existing ASF projects could benefit from an OAuth >> implementation, including Apache Shindig, Apache Abdera, Apache Wink, >> Jmeter >> which are already using partial and non standardized OAuth implementatio= ns. >> Basically any other server-side framework or application could benefit b= y >> using Amber. It is hoped that members of those projects will be interest= ed >> in contributing to and adopting this implementation. >> >> =3D=3D A Excessive Fascination with the Apache Brand =3D=3D >> Amber fits naturally in the ASF because : >> >> =A0* It is an implementation of an open standard >> =A0* It is a server component on which many other projects can depend on >> >> =3D Documentation =3D >> [1] More information about OAuth can be found here:<
> >> http://www.oauth.net/ >> >> [2] The IETF discussion about the emerging OAuth v2.0 specification is >> occuring on this mailing list<
> oauth@ietf.org >> >> =3D Initial Source =3D >> The intial source comprises code developed inside Apache Labs, other Apa= che >> projects and contributed under the CLA. >> >> =3D Source and Intellectual Property Submission Plan =3D >> Source code will be moved from SVN space of Apache Labs, Apache Shindig = and >> other appropriately licensed sources inside the SVN space of the podling= . >> >> =3D External Dependencies =3D >> None known >> >> =3D Cryptography =3D >> The project will use cryptographic utilities available as standard in Ja= va >> 6. >> >> =3D Required Resources =3D >> =A0* Mailing lists >> =A0* amber-private (with moderated subscriptions) >> =A0* amber-dev >> =A0* amber-user >> =A0* amber-commits >> =A0* Subversion directory >> =A0* https://svn.apache.org/repos/asf/incubator/amber >> =A0* Website >> =A0* Confluence (AMBER) >> =A0* Issue Tracking >> =A0* JIRA (AMBER) >> >> =3D Initial Committers =3D >> Names of initial committers with affiliation and current ASF status: >> >> =A0* Simone Gianni (Semeru) >> =A0* Simone Tripodi (Sourcesense) >> =A0* Stuart "Pid" Williams (Clubtickets.com) (C= LA >> filed) >> =A0* David Recordon (Facebook) >> =A0* Tommaso Teofili (Sourcesense) >> =A0* Paul Lindner (LinkedIn) >> =A0* Pablo Fernandez (LinkedIn) >> >> =3D Sponsors =3D >> =3D=3D Champion =3D=3D >> =A0* Brian McCallister >> >> =3D=3D Nominated Mentors =3D=3D >> =A0* Henning Schmiedehausen >> =A0* Jean-Frederic Clere >> =A0* Gianugo Rabellino >> =A0* David Jencks (Waiting on IPMC) >> >> =3D=3D Sponsoring Entity =3D=3D >> =A0* Shindig PMC - Confirmed Apr 29, 2010 >> >> =3D Other interested people =3D >> =A0* Saleem Shafi >> =A0* Chirag Shah (Apache Shindig Committer) >> =A0* Greg Brail >> > --=20 http://www.somatik.be Microsoft gives you windows, Linux gives you the whole house. --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org