Ray,

As far as the spec goes, I don’t have any real good opinion on how it could be improved at the moment. I can try and gather my thoughts about it and get back to you. For now I look at it, and read it as a spec; written for a certain technical audience and normally not written to be entertaining.
I’ll see what I can come up with, for now (in regards to OpenAz) what it really needs is the OpenAz representation of “hello world”. Possible media formats include wiki page, or video format. I think in today’s world video introductions to software help promote the adoption of a particular piece of software by reducing the overall cognitive load and provide a means of entry into a potentially difficult concept.

Just some thoughts,
Carlos

On 2/9/16, 4:23 AM, "Sinnema, Remon" <[email protected]> wrote:

>Hi Carlos,
>
>You say that the XACML specification makes for good bedtime reading since it knocks you out quick. What would have to change to make it read better? If you can give me some ideas I can bring them to the XACML Technical Committee and see what we can do. Also, what other documentation aside from the specification itself are you looking for?
>
>Thanks,
>Ray
>
>-----Original Message-----
>From: Carlos Perez [mailto:[email protected]]
>Sent: Tuesday, 9 February 2016 0:31
>To: [email protected]
>Subject: Re: [DISCUSS] - Retire OpenAz?
>
>It's only my opinion but I do think David makes some good points. One point in particular is just the lack of devs really even knowing what XACML is, or what it's for. I myself didn't know what it was about until about 2 years ago, and only because I have a particular interest in security and access control did I go out in search for an alternative to some other XACML implementations. Some that would not share even the slightest amount of information before they get you into an hour+ long phone call to "find out your needs". That said, I think it's still a little harsh to say that I have been writing software that "sucks", but I'm going to take that with a grain of salt and say it was for dramatic effect. =o)
>
>All that said, one major item of interest in the email from David was his mention of a PR, and then I remembered this.
>https://github.com/apache/incubator-openaz/pulls
>
>Now I'm not sure if this counts as activity, nor will I even try to qualify this as a community, but there are now 3 pending PR's dating back to December 3rd, 2015 that's. Well it's something. Anyway, I know the AT&T group has been a little incommunicado but they are the best people to put SOME kind of docs out there, even a video of how to download/setup/and run would be a start. I know the lack of docs has been my biggest weakness but so far I've been trying to learn via YouTube videos and reading what I can of the spec (good bedtime reading BTW, knocks you out quick). I know that Colm (I think it's Colm) did some write up recently which was an attempt to show OpenAz used in an app, it was lite but still a start.
>
>Any who, this email's gotten a bit long so I'm going to cut it off here, but I would like to see David's port of the AT&T admin portal (I think that will really help), and if possible could Colm reply back with his write up??
>
>Regards,
>
>Carlos
>
>
>On 2/8/16, 5:02 PM, "David Ash" <[email protected]> wrote:
>
>>I have submitted a pull request for my port of the Admin interface. I'll check what other changes were made and see what else I can submit.
>>
>>BTW, although I had previously worked for AT&T, including working on software that interacted with AT&T's original XACML engine, I no longer work for AT&T. My interest in this project came from my desire to have a RESTful API for XACML authorization, I found this project via Google, and my contributions to this project are my own. In this regard I am a truly independent contributor.
>>
>>On Mon, Feb 8, 2016 at 2:42 PM, David Ash <[email protected]> wrote:
>>
>>> I think it hasn't seen much activity over the past two months because it's been a holiday season. I know most of the AT&T people take most of December off (once upon a time, I was one).
>>>
>>> It has a lot of work to be done before it's functional and even remotely mature, and we're not going to see a lot of outside interest until it gets there.
>>> * The Admin part is crucial, and it hadn't even been ported over (I ported it myself, still need to fork in github and do a pull-request).
>>> * There's a shortage of documentation. To the point that it's unusable.
>>> * It's complicated enough that it's difficult to come up with the documentation.
>>>
>>> Now, sure there seems to be a shortage of interest but I say give that time. XACML is not a thing of the past, it's still part of the future. Organizations and software developers are still slowly moving to XACML -- it is the best authorization solution in existence to my knowledge, and fits nicely into a modern auth stack with SCIM, JSON Identity Suite, OpenID Connect, and OAuth. (http://www.slideshare.net/nordicapis/1415-twobo-nordicap-istour). Most developers still aren't using an external authorization solution because they are building highly-coupled monolithic software that sucks. And honestly, there aren't a lot of other free open source options. The only alternative I see that is any good is WSO2's Identity Server (which is vastly superior to this product, but hey that's an opportunity in some ways). If this project really succeeded, it would at least allow developers of open source systems to build better, more modular software.
>>>
>>> The main problem I see is that AT&T still has most of the knowledge and is able to put very little effort behind it. We need Pam's team to write up some high quality documentation (particularly for the API's) and release that information.
>>>
>>> The other problem I see is there's kind of a lack of vision as far as I can tell. We need someone in the lead that has the time to craft a vision for what this product should really be.
>>> When you look at WSO2's Identity Server, you immediately start realizing the possibilities -- things that this project hasn't even touched yet.
>>>
>>> Thanks,
>>>
>>> David Ash
>>>
>>> PS. I'll put in a pull request for my port of the Admin interface.
>>>
>>> On Mon, Feb 8, 2016 at 9:59 AM, Emmanuel Lécharny <[email protected]> wrote:
>>>
>>>> On 08/02/16 16:53, Carlos Perez wrote:
>>>> > Hi guys,
>>>> >
>>>> > While I completely understand the reasoning for the discussion to retire OpenAz, (and to be completely honest I was surprised it took this long), it would be a real shame to see it just fade away into oblivion.
>>>>
>>>> I agree.
>>>>
>>>> > That said, what does happen when a project never makes it to a TLP?
>>>>
>>>> From Apache POV, not a lot. We just shut down the mailing lists, and close the repos (no more writes allowed).
>>>>
>>>> > Does it have a chance to be resuscitated later if it is deemed worthwhile and has more interest?
>>>>
>>>> It's always a possibility. A very remote one, I have to say. The fact that in almost 2 years the project hasn't been able to attract any new contributors, and that almost no activity has been seen from the initial contributors makes it unlikely that the project could make a come back.
>>>>
>>>> In 10 years, I haven't seen that happen. Not once.
>>>>
>>>> > Does the license revert back to AT&T?
>>>>
>>>> Good question. I can ask [email protected] about that. The fact that it didn't make it to a TLP might be relevant. For TLPs, the code base has been granted to The ASF and remains so, same for the name.
>>>>
>>>> > XACML is a complicated spec and I can't say that I fully understand it yet, but I think it solves a real problem (I just regret not having the time personally to help push it along).
>>>>
>>>> That's the main issue: the fact that it's a complex code base might be intimidating for many of the potential users. But IMHO, would it be really a critical brick of many IT systems, it *would* have attracted developers. That raises the question of XACML as a useful technology. It has been around for more than 10 years now, and I'm not sure that it captured a lot of interest. But that may be just me... (and I *think* it could have been a big hit years ago. Not so sure nowadays.)
>>>>
>>>> Thanks !
>
>This e-mail message and any attachments to it are intended only for the named recipients and may contain legally privileged and/or confidential information. If you are not one of the intended recipients, do not duplicate or forward this e-mail message.
