Wow. Awesome. Things are about to start happening here, I can tell. Great job everyone. Way to save a project.
On Tue, Feb 9, 2016, 9:03 PM Hadrian Zbarcea <[email protected]> wrote: > https://issues.apache.org/jira/browse/OPENAZ > > Hadrian > > On 02/09/2016 11:20 AM, David Ash wrote: > > So much to talk about, so many good thoughts. > > > > I think there's a path forward, and I definitely would vote to keep this > > project alive. > > > > > > - I am interested in developing and helping the project move > forward. I > > hope that Carlos is also interested in putting in some work to make > this > > project happen. Personally, sure I'm busy but I don't feel like > there's a > > lot of work to be done to make this project releasable and do the > things > > necessary to make it pick up and bring in more people. The core > code base > > is already highly functional. I know it works because I worked on an > > application that consumed its services at AT&T back in the day. > There's > > just a bit of work to smoothing out the process of installation and > running > > it with a standard servlet server. And it needs documentation. > > > > - I'm a little disheartened that we haven't heard from Pam Dragosh. > > She's the original visionary behind it, and I'd very much like to > have just > > a little bit of her time to help us transition it the rest of the > way to > > Apache (not coding, but a transfer of knowledge to aid > documentation. And > > maybe it's just all implemented according to some spec, but I'm not > aware > > of whether the XACML spec somehow specifies API endpoints, etc). And > > there's an entire admin API that is difficult to reverse engineer. > > > > - I work for a company that may be willing to donate some work in > > exchange for a bit of recognition. I am going to the Fluent > conference in > > early March, and will be meeting the CTO of my company there. I'm > going to > > use that opportunity to try to get him on-board with us helping this > > project. I think it makes sense for both the project and the > company. > > > > - I agree it's probably the wrong thread to talk Maven vs. Gradle, > but > > if Gradle has some advantages (which it sounds like it does), maybe > moving > > to Gradle is what needs to happen. Sure, it's only 1%, but that's > where > > this project is. We're basically that 1% of the way away from being > able > > to release this, with the exception of documentation (and to some > degree > > promotion). > > > > - We obviously need some basic project management work to get done. > We > > need a JIRA instance up and running for us, and we need some tasks > put in > > there. Who can volunteer to make some/all of that happen? If no > one else > > wants to volunteer, I can do it (although if Apache already has an > instance > > for us to use, I don't know where it is). And who could edit the > main page > > to create those links? Can Carlos and I be promoted to make more > things > > happen? > > > > - We need a roadmap. I'm not big on roadmaps personally, but I have > a > > basic idea of what it needs to be for the short term: > > - Smooth out the build process. > > - Get AT&T out of anywhere it remains in the code. > > - Version 1.0 Release > > > > Any other thoughts? > > > > > > > > > > On Tue, Feb 9, 2016 at 7:28 AM, Sinnema, Remon <[email protected]> > > wrote: > > > >> Attracting outside interest will be hard when it's unclear what people > can > >> work on. > >> > >> The project page doesn't provide a lot of information: > >> http://incubator.apache.org/projects/openaz.html > >> The "website" that it links to gives 404. > >> > >> There is no link to the issue tracker. Emmanuel mentioned JIRA, but > where > >> is it? > >> I couldn't find a roadmap either. > >> > >> The code contains no guidance about the various sub-projects, how they > >> relate together, and what their status is. > >> > >> Give this situation, if I wanted to contribute, I wouldn't know where to > >> start. > >> > >> > >> BTW, the old project page still exists but doesn't link to Apache: > >> http://www.openliberty.org/wiki/index.php/OpenAz_Main_Page > >> > >> > >> -----Original Message----- > >> From: David Ash [mailto:[email protected]] > >> Sent: maandag 8 februari 2016 22:42 > >> To: [email protected] > >> Subject: Re: [DISCUSS] - Retire OpenAz? > >> > >> I think it hasn't seen much activity over the past two months because > it's > >> been a holiday season. I know most of the AT&T people take most of > >> December off (once upon a time, I was one). > >> > >> It has a lot of work to be done before it's functional and even remotely > >> mature, and we're not going to see a lot of outside interest until it > gets > >> there. > >> * The Admin part is crucial, and it hadn't even been ported over (I > ported > >> it myself, still need to fork in github and do a pull-request). > >> * There's a shortage of documentation. To the point that it's unusable. > >> * It's complicated enough that its difficult to come up with the > >> documentation. > >> > >> Now, sure there seems to be a shortage of interest but I say give that > >> time. XACML is not a thing of the past, it's still part of the future. > >> Organizations and software developers are still slowly moving to XACML > -- > >> it is the best authorization solution in existence to my knowledge, and > >> fits nicely into a modern auth stack with SCIM, JSON Identity Suite, > OpenID > >> Connect, and OAuth. ( > >> http://www.slideshare.net/nordicapis/1415-twobo-nordicap-istour > >> ). Most developers still aren't using an external authorization > solution > >> because they are building highly-coupled monolithic software that sucks. > >> And honestly, there aren't a lot of other free open source options. The > >> only alternative I see that is any good is WSO2's Identity Server > (which is > >> vastly superior to this product, but hey that's an opportunity in some > >> ways). If this project really succeeded, it would at least allow > >> developers of open source systems to build better, more modular > software. > >> > >> The main problem I see is that AT&T still has most of the knowledge and > is > >> able to put very little effort behind it. We need Pam's team to write > up > >> some high quality documentation (particularly for the API's) and release > >> that information. > >> > >> The other problem I see is there's kind of a lack of vision as far as I > >> can tell. We need someone in the lead that has the time to craft a > vision > >> for what this product should really be. When you look at WSO2's > Identity > >> Server, you immediately start realizing the possibilities -- things that > >> this project haven't even touched yet. > >> > >> > >> Thanks, > >> > >> David Ash > >> > >> > >> PS. I'll put in a pull request for my port of the Admin interface. > >> > >> > >> > >> On Mon, Feb 8, 2016 at 9:59 AM, Emmanuel Lécharny <[email protected]> > >> wrote: > >> > >>> Le 08/02/16 16:53, Carlos Perez a écrit : > >>>> Hi guys, > >>>> > >>>> While I completely understand the reasoning for the discussion to > >>>> retire OpenAXZ, and to be completely honest I was surprised it took > >>>> this long), it would be a real shame to see it just fade away into > >> oblivion. > >>> > >>> I Agree. > >>> > >>>> > >>>> That said, what does happen when a project never makes it to a TLP? > >>> > >>> From Apache POV, not a lot. We just shut down the mailing lists, and > >>> close the repos (no more writes allowed). > >>> > >>> > >>>> Does > >>>> it have a chance to be resuscitated later if it is deemed worthwhile > >>>> and has more interest? > >>> It's always a possibility. A very remote one, I have to say. The fact > >>> that in almost 2 years the project hasn't be able to attract any new > >>> contributors, and that almost no activity has been seen from the > >>> initial contributors make it unlikely that the project could make a > come > >> back. > >>> > >>> In 10 years, I haven't seen that happen. Not once. > >>> > >>> > >>>> Does the license revert back to AT&T? > >>> > >>> Good question. I can ask [email protected] about that. The fact that it didn't > >>> make it to a TLP might be relevant. For TLPs, the code base has been > >>> granted to The ASF and remains so, same for the name. > >>>> > >>>> XACML is a complicated spec and I can¹t say that I fully understand > >>>> it yet, but I think it solves a real problem (I just regret not > >>>> having the time personally to help push it along). > >>> > >>> That's the main issue : the fcat that it's a complex code base might > >>> be intimidating for many of the potential users. But IMHO, would it be > >>> really a critical brick of many IT systems, it *would* have attracted > >>> developpers. That raises the question of XACML as a useful technology. > >>> It as been around for more than 10 years now, and I'm not sure that it > >>> captured a lot of interest. But that may be just me... (and I *think* > >>> it could have been a big hit years ago. Not so sure nowadays.) > >>> > >>> Thanks ! > >>> > >>> > >> > > >
