syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <humbed...@apache.org>
Subject Re: [DISCUSS] Syncope for ASF identity management
Date Wed, 09 Dec 2015 13:23:00 GMT
If the Syncope community is willing to make a Proof of Concept and
deploy/manage it, I see no reason not to give them a box for it :)

As Tony said, this is something that's far out in the future in terms of
implementing in the ASF, but that doesn't mean you can get started on a
conceptual demo.

So +1 to that.

With regards,
Daniel.
On 12/09/2015 01:52 PM, Francesco Chicchiriccò wrote:
> On 09/12/2015 13:16, Tony Stevenson wrote:
>> Francesco,
>>
>> As I said in HipChat, I'd love to be able to say that we can do this.
>> But the fact is right now infra are tied up for at least 6 months.
>>
>> I think the best way to gain any traction on this is for the Syncope PMC
>> to stand up a PoC that replaces 1 (or more) of the components used.
> 
> As anticipated via HipChat, this is actually the deep sense of my
> proposal, e.g. the direct engagement of Syncope PMC - not only,
> actually, but anyone interested - for supporting the infra team.
> 
> A PoC sounds like a straight, concrete and limited way to start
> approaching IdM at ASF with Syncope.
> 
>> i.e.  these might include:
>>
>>   - https://id.apache.org  (The end-user part of it)
>>   - acreq - The user account request workflow
>>   - Identity Management as a whole.
>>   - PMC karma management
>>
>> I will be more than happy to help guide the PMC, and give you an ASF VM
>> on which you can stand up your PoC, and guide you on the business logic
>> already in place for any of these tools.
> 
> That's good - IMO we need:
> 
>  1. a place where to ask for information, provide feedback, etc. (shall
> we keep crossposting infra@ and dev@syncope?)
>  2. VM
>  3. SCM
>  4. (possibly) some issue tracker (not necessarily JIRA, something
> simpler would fit the job as well)
>  5. (nice to have) some wiki (not necessarily Confluence, something
> simpler would fit the job as well)
> 
>> For a long time we have tried to manage identity, or some cut-down
>> version of it, solely via LDAP. Then we added id.apache.org, and then
>> acreq was added.  They were all really disjointed efforts.  If we can
>> bring all this under one roof, and make it usable I think it will be a
>> win.
>>
>> The idea of a PoC is to be able to demonstrate that Syncope could
>> basically be dropped in, and replace one of these components.
>>
>> We'd also want some decent handover and/or training from the Syncope
>> community.  I'm not sure we'd accept it if the community wanted to
>> support it on it's own, because the sad fact is people move on, and we
>> would be left with a critical piece of the jigsaw remaining unsupported.
> 
> Agree on this last point as well: I'd suggest to identify someone from
> the infra team which could follow activities, provide inputs, etc since
> the beginning.
> 
> Regards.
> 
>> On Wed, 9 Dec 2015, at 12:06 PM, Francesco Chicchiriccò wrote:
>>> [Re-sending to infra@ after quick chat with infra]
>>>
>>> Howdy Infra,
>>> following a discussion [1] we had on Syncope PMC list, I would like to
>>> start a thread around possible usage of Apache Syncope for managing
>>> identity flows within the ASF infrastructure.
>>>
>>> Let me start with a real-life sample: I have recently been asked to join
>>> CXF as committer (good to me!).
>>>
>>> I know from [2] that, since I already own an ASF id, someone from CXF
>>> PMC had to run a perl script on people.apache.org in order to add myself
>>> to the LDAP commiter group for CXF.
>>>
>>> If instead this was my first invitation, someone had to prior request
>>> for an account [3] (note the different link for PMC chairs and PMC
>>> members) and trigger a (manual) approval process which ensures at least
>>> the availability of the chosen ASF id and the presence of a valid ICLA
>>> which can be "reconciled" with such request.
>>>
>>> Once in, someone with enough karma still needs to grant me proper access
>>> to JIRA and Confluence (and / or more applications).
>>>
>>> If I'd like to change my password and manage my own details (including
>>> SSH and GPG) I can log into [4].
>>>
>>> Naturally, I have omitted several parts of the process, especially the
>>> ones related to becoming PMC [5] or ASF member, which are even more
>>> involved.
>>>
>>> As Syncope PMC, we believe it is worth to explore the possibility of
>>> using Syncope for driving the processes summarized above, and more.
>>> I see this as a win-win situation: Infra will benefit from introducing a
>>> proper tool for the job, and Syncope will get more visibility both
>>> within the foundation and externally (think to some post(s) by Infra
>>> describing this work).
>>>
>>> In the past I have exchanged some e-mails with Tony Stevenson about this
>>> topic, and it seemed to me he was interested on the topic, even though
>>> at a certain point we did not follow up.
>>>
>>> Should you be interested, we are available to discuss in order to
>>> identify together the required steps, and also to provide material help,
>>> if required.
>>>
>>> Looking forward for your reply.
>>> Regards.
>>>
>>> [1]
>>> https://mail-search.apache.org/members/private-arch/syncope-private/201511.mbox/%3C565C09A3.7070004@apache.org%3E
>>>
>>> [2] https://www.apache.org/dev/pmc.html#karma
>>> [3] https://id.apache.org/acreq/
>>> [4] https://id.apache.org/
>>> [5] https://www.apache.org/dev/pmc.html#newpmc
> 


Mime
View raw message