Attracting outside interest will be hard when it's unclear what people can work on.
The project page doesn't provide a lot of information: http://incubator.apache.org/projects/openaz.html The "website" that it links to gives 404. There is no link to the issue tracker. Emmanuel mentioned JIRA, but where is it? I couldn't find a roadmap either. The code contains no guidance about the various sub-projects, how they relate together, and what their status is. Give this situation, if I wanted to contribute, I wouldn't know where to start. BTW, the old project page still exists but doesn't link to Apache: http://www.openliberty.org/wiki/index.php/OpenAz_Main_Page -----Original Message----- From: David Ash [mailto:[email protected]] Sent: maandag 8 februari 2016 22:42 To: [email protected] Subject: Re: [DISCUSS] - Retire OpenAz? I think it hasn't seen much activity over the past two months because it's been a holiday season. I know most of the AT&T people take most of December off (once upon a time, I was one). It has a lot of work to be done before it's functional and even remotely mature, and we're not going to see a lot of outside interest until it gets there. * The Admin part is crucial, and it hadn't even been ported over (I ported it myself, still need to fork in github and do a pull-request). * There's a shortage of documentation. To the point that it's unusable. * It's complicated enough that its difficult to come up with the documentation. Now, sure there seems to be a shortage of interest but I say give that time. XACML is not a thing of the past, it's still part of the future. Organizations and software developers are still slowly moving to XACML -- it is the best authorization solution in existence to my knowledge, and fits nicely into a modern auth stack with SCIM, JSON Identity Suite, OpenID Connect, and OAuth. ( http://www.slideshare.net/nordicapis/1415-twobo-nordicap-istour ). Most developers still aren't using an external authorization solution because they are building highly-coupled monolithic software that sucks. And honestly, there aren't a lot of other free open source options. The only alternative I see that is any good is WSO2's Identity Server (which is vastly superior to this product, but hey that's an opportunity in some ways). If this project really succeeded, it would at least allow developers of open source systems to build better, more modular software. The main problem I see is that AT&T still has most of the knowledge and is able to put very little effort behind it. We need Pam's team to write up some high quality documentation (particularly for the API's) and release that information. The other problem I see is there's kind of a lack of vision as far as I can tell. We need someone in the lead that has the time to craft a vision for what this product should really be. When you look at WSO2's Identity Server, you immediately start realizing the possibilities -- things that this project haven't even touched yet. Thanks, David Ash PS. I'll put in a pull request for my port of the Admin interface. On Mon, Feb 8, 2016 at 9:59 AM, Emmanuel Lécharny <[email protected]> wrote: > Le 08/02/16 16:53, Carlos Perez a écrit : > > Hi guys, > > > > While I completely understand the reasoning for the discussion to > > retire OpenAXZ, and to be completely honest I was surprised it took > > this long), it would be a real shame to see it just fade away into oblivion. > > I Agree. > > > > > That said, what does happen when a project never makes it to a TLP? > > From Apache POV, not a lot. We just shut down the mailing lists, and > close the repos (no more writes allowed). > > > > Does > > it have a chance to be resuscitated later if it is deemed worthwhile > > and has more interest? > It's always a possibility. A very remote one, I have to say. The fact > that in almost 2 years the project hasn't be able to attract any new > contributors, and that almost no activity has been seen from the > initial contributors make it unlikely that the project could make a come back. > > In 10 years, I haven't seen that happen. Not once. > > > > Does the license revert back to AT&T? > > Good question. I can ask [email protected] about that. The fact that it didn't > make it to a TLP might be relevant. For TLPs, the code base has been > granted to The ASF and remains so, same for the name. > > > > XACML is a complicated spec and I can¹t say that I fully understand > > it yet, but I think it solves a real problem (I just regret not > > having the time personally to help push it along). > > That's the main issue : the fcat that it's a complex code base might > be intimidating for many of the potential users. But IMHO, would it be > really a critical brick of many IT systems, it *would* have attracted > developpers. That raises the question of XACML as a useful technology. > It as been around for more than 10 years now, and I'm not sure that it > captured a lot of interest. But that may be just me... (and I *think* > it could have been a big hit years ago. Not so sure nowadays.) > > Thanks ! > >
