Folks,

Just adding my thoughts. I would really love to see OpenAz at least get
one release out the door with some documentation behind it to help
generate interest. I had difficulty understanding the Apache documentation
when it came to building a podling website and getting that
up-and-running. I had started it and then it fell through the cracks when
the holidays came and we have been in full sprint starting in January. If
someone could help me with this and get it at least going, I can work to
get as much documentation, examples, tutorials in it as needed.

I do realize that the reality is, there is a very limited community around
ABAC in general. We were hoping that by getting it in Apache that would be
the best place for that community to build from. So far that hasn’t
happened.

If there’s a vote, let’s please do one. I would like to ingest David’s
work, get the website up and do a first release. Is this still possible?

Thanks,

Pam

On 2/9/16, 10:53 AM, "Carlos Perez" <[email protected]>
wrote:

>Ray,
>
>As far as the spec goes, I don’t have any real good opinion on how it
>could be improved at the moment. I can try and gather my thoughts about it
>and get back to you. For now I look at it, and read it as a spec; written
>for a certain technical audience and normally not written to be entertaining.
>
>I’ll see what I can come up with, for now (in regards to OpenAz) what it
>really needs is the OpenAz representation of “hello world”.  Possible
>media formats include wiki page, or video format.  I think in today’s
>world video introductions to software help promote the adoption of a
>particular piece of software by reducing the overall cognitive load and
>provide a means of entry into a potentially difficult concept.
>
>Just some thoughts,
>
>Carlos
>
>On 2/9/16, 4:23 AM, "Sinnema, Remon" <[email protected]> wrote:
>
>>Hi Carlos,
>>
>>You say that the XACML specification makes for good bedtime reading since
>>it knocks you out quick. What would have to change to make it read
>>better? If you can give me some ideas I can bring them to the XACML
>>Technical Committee and see what we can do. Also, what other
>>documentation aside from the specification itself are you looking for?
>>
>>
>>Thanks,
>>Ray
>>
>>
>>-----Original Message-----
>>From: Carlos Perez [mailto:[email protected]]
>>Sent: Tuesday, 9 February 2016 0:31
>>To: [email protected]
>>Subject: Re: [DISCUSS] - Retire OpenAz?
>>
>>It's only my opinion but I do think David makes some good points. One
>>point in particular is just the lack of devs really even knowing what
>>XACML is, or what it's for.  I myself didn't know what it was about until
>>about 2 years ago, and only because I have a particular interest in
>>security and access control did I go out in search for an alternative to
>>some other XACML implementations. Some that would not share even the
>>slightest amount of information before they get you into an hour+ long
>>phone call to "find out your needs".  That said, I think it's still a
>>little harsh to say that I have been writing software that "sucks", but
>>I'm going to take that with a grain of salt and say it was for dramatic
>>effect. =o)
>>
>>All that said, one major item of interest to email from David was his
>>mention of a PR, and then I remembered this.
>>https://github.com/apache/incubator-openaz/pulls
>>
>>Now I'm not sure if this counts as activity, nor will I even try to
>>qualify this as a community, but there are now 3 pending PR's dating back
>>to December 3rd, 2015 that's. Well it's something.  Anyway, I know the
>>AT&T group has been a little incommunicado but they are the best people
>>to put SOME kind of docs out there, even a video of how to
>>download/setup/and run would be a start.  I know the lack of docs has
>>been my biggest weakness but so far I've been trying to learn via YouTube
>>videos and reading what I can of the spec (good bedtime reading BTW,
>>knocks you out quick).  I know that Colm (I think it's Colm) did some
>>write up recently which was an attempt to show OpenAz used in an app, it
>>was lite but still a start.
>>
>>Any who, this email's gotten a bit long so I'm going to cut it off here,
>>but I would like to see David's port of the AT&T admin portal (I think
>>that will really help), and if possible could Colm reply back with his
>>write up??
>>
>>Regards,
>>
>>Carlos
>>
>>
>>On 2/8/16, 5:02 PM, "David Ash" <[email protected]> wrote:
>>
>>>I have submitted a pull request for my port of the Admin interface.
>>>I'll check what other changes were made and see what else I can submit.
>>>
>>>BTW, although I had previously worked for AT&T, including working on
>>>software that interacted with AT&T's original XACML engine, I no longer
>>>work for AT&T.  My interest in this project came from my desire to have
>>>a RESTful API for XACML authorization, I found this project via Google,
>>>and my contributions to this project are my own.  In this regard I am a
>>>truly independent contributor.
>>>
>>>On Mon, Feb 8, 2016 at 2:42 PM, David Ash <[email protected]> wrote:
>>>
>>>> I think it hasn't seen much activity over the past two months because
>>>> it's been a holiday season.  I know most of the AT&T people take most
>>>> of December off (once upon a time, I was one).
>>>>
>>>> It has a lot of work to be done before it's functional and even
>>>> remotely mature, and we're not going to see a lot of outside interest
>>>> until it gets there.
>>>> * The Admin part is crucial, and it hadn't even been ported over (I
>>>>   ported it myself, still need to fork in github and do a
>>>>   pull-request).
>>>> * There's a shortage of documentation.  To the point that it's
>>>>   unusable.
>>>> * It's complicated enough that it's difficult to come up with the
>>>>   documentation.
>>>>
>>>> Now, sure there seems to be a shortage of interest but I say give
>>>> that time.  XACML is not a thing of the past, it's still part of the
>>>> future.
>>>> Organizations and software developers are still slowly moving to
>>>> XACML -- it is the best authorization solution in existence to my
>>>> knowledge, and fits nicely into a modern auth stack with SCIM, JSON
>>>> Identity Suite, OpenID Connect, and OAuth.  (
>>>> http://www.slideshare.net/nordicapis/1415-twobo-nordicap-istour
>>>> ).  Most developers still aren't using an external authorization
>>>> solution because they are building highly-coupled monolithic software
>>>> that sucks.
>>>> And honestly, there aren't a lot of other free open source options.
>>>> The only alternative I see that is any good is WSO2's Identity Server
>>>> (which is vastly superior to this product, but hey that's an
>>>> opportunity in some ways).  If this project really succeeded, it
>>>> would at least allow developers of open source systems to build
>>>> better, more modular software.
>>>>
>>>> The main problem I see is that AT&T still has most of the knowledge
>>>> and is able to put very little effort behind it.  We need Pam's team
>>>> to write up some high quality documentation (particularly for the
>>>> API's) and release that information.
>>>>
>>>> The other problem I see is there's kind of a lack of vision as far as
>>>> I can tell.  We need someone in the lead that has the time to craft a
>>>> vision for what this product should really be.  When you look at
>>>> WSO2's Identity Server, you immediately start realizing the
>>>> possibilities -- things that this project hasn't even touched yet.
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> David Ash
>>>>
>>>>
>>>> PS. I'll put in a pull request for my port of the Admin interface.
>>>>
>>>>
>>>>
>>>> On Mon, Feb 8, 2016 at 9:59 AM, Emmanuel Lécharny
>>>> <[email protected]>
>>>> wrote:
>>>>
>>>>> On 08/02/16 16:53, Carlos Perez wrote:
>>>>> > Hi guys,
>>>>> >
>>>>> > While I completely understand the reasoning for the discussion to
>>>>> > retire OpenAz (and to be completely honest I was surprised it took
>>>>> > this long), it would be a real shame to see it just fade away into
>>>>> > oblivion.
>>>>>
>>>>> I agree.
>>>>>
>>>>> >
>>>>> > That said, what does happen when a project never makes it to a TLP?
>>>>>
>>>>> From Apache POV, not a lot. We just shut down the mailing lists, and
>>>>> close the repos (no more writes allowed).
>>>>>
>>>>>
>>>>> > Does
>>>>> > it have a chance to be resuscitated later if it is deemed
>>>>> > worthwhile and has more interest?
>>>>> It's always a possibility. A very remote one, I have to say. The
>>>>> fact that in almost 2 years the project hasn't been able to attract
>>>>> any new contributors, and that almost no activity has been seen from
>>>>> the initial contributors, makes it unlikely that the project could
>>>>> make a comeback.
>>>>>
>>>>> In 10 years, I haven't seen that happen. Not once.
>>>>>
>>>>>
>>>>> > Does the license revert back to AT&T?
>>>>>
>>>>> Good question. I can ask [email protected] about that. The fact that it
>>>>> didn't make it to a TLP might be relevant. For TLPs, the code base
>>>>> has been granted to The ASF and remains so, same for the name.
>>>>> >
>>>>> > XACML is a complicated spec and I can't say that I fully
>>>>> > understand it yet, but I think it solves a real problem (I just
>>>>> > regret not having the time personally to help push it along).
>>>>>
>>>>> That's the main issue: the fact that it's a complex code base might
>>>>> be intimidating for many of the potential users. But IMHO, would it
>>>>> be really a critical brick of many IT systems, it *would* have
>>>>> attracted developers. That raises the question of XACML as a useful
>>>>> technology.
>>>>> It has been around for more than 10 years now, and I'm not sure that
>>>>> it captured a lot of interest. But that may be just me... (and I
>>>>> *think* it could have been a big hit years ago. Not so sure
>>>>> nowadays.)
>>>>>
>>>>> Thanks !
>>>>>
>>>>>
>>>>
>>
>>
>>This e-mail message and any attachments to it are intended only for the
>>named recipients and may contain legally privileged and/or confidential
>>information. If you are not one of the intended recipients, do not
>>duplicate or forward this e-mail message.
>>
>
>
