Hi,

Some time ago I created https://issues.apache.org/jira/browse/OFBIZ-10307.

I asked for reviews but only Taher answered and he asked to know the goal of 
this new feature.

It was actually developed for a client who needed to get from one OFBiz instance on a server (on a domain) to another OFBiz instance on another  server (on another domain) without having to sign up between the 2 while keeping things secure.

There could be many reasons why you want to split OFBiz application on servers. 
In their case it was for performance issues.

The technology used is as secure as possible. Like OAuth 2.0 it uses a token but it does not need a middle authorization server (think to  two-factor authentication) because it's only for OFBiz instances of the same version.

To commit this work we need 1st to agree an commit the work done by Deepak at OFBIZ-9833 
"Token Based Authentication" that I use in my last patch.

For me there is only one question outstanding: how to store the Token secret. 
But this should not prevent us to commit Deepak's work.

It's now a long time (9 months) since I started this work. And my last patch is 
ready for a month.

I crossed several issues which are now all resolved. So please review and 
answer to this thread.

Without negative comments well argumented I'll commit both OFBIZ-9833 and 
OFBIZ-10307 in a week. You can always test and review later, we use RTC.

Also a veto on a commit is always possible... Of course, as ever, a good 
consensus is preferred.

Let me know if you need more information about the goal. For the technical 
details I think I already provided them the in OFBIZ-10307.

Jacques

Reply via email to