On 04/06/2014 21:25, Jean-Baptiste Onofré wrote:
Hi guys,
I'm happy as I should have some time to work again on Syncope next
week (and the following weeks ;)).
I have some ideas that I would like to share and discuss with you.
Please, correct me if I'm wrong, if the ideas are stupid, or already
done ;)
1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
We already discussed of that in the past. It doesn't change the
Syncope codebase itself, it's just an addition on the Karaf side.
The first thing is to provide a SyncopeLoginModule in Karaf allowing
to delegate the user backend to Syncope. Currently, Karaf provides
PropertiesLoginModule (the username/password are stored in the simple
properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
Thanks to the SyncopeLoginModule, the users just delegate the Karaf
container JAAS realm backend to Syncope, who manages its own backend
(LDAP, etc).
On the other hand, I will provide a Karaf feature to be able to easily
install Syncope directly in Karaf.
This sounds very cool: when you discuss or file issue(s) on Karaf's
JIRA, please report here, I personally would love to watch and possibly
test :-)
2/ OAuth2 Service Provider feature
More and more companies want to provide an "internal" oauth2 service
provider (instead of using "public" one like amazon, bitbucket, etc).
What do you think to add an optional feature to Syncope to turn
Syncope as an OAuth2 Service Provider ?
Really nice.
I would see this feature as part of the "Access Management" feature set
currently scheduled for 3.0.0 [1] - clearly this does not mean we cannot
implement it before.
3/ CXF authentication ready to use feature
Right now, we can use Syncope with CXF by implementing an interceptor
delegating to the Syncope REST API.
It's not really straight forward for the user as it requires to write
some kind of plumbing code.
I think it could be helpful to provide a ready to use "CXF feature"
providing the interceptor that we can configure (the location of the
Syncope instance, etc).
Maybe it makes more sense to add this on the CXF part more than on the
Syncope side, but, anyway, it could be very helpful for the users.
Hum, I am probably missing some bits on CXF side: are you proposing to
provide a sort of "Syncope authentication module" for CXF, as suggested
above for Karaf?
Could it be the case to maintain such module(s) in Syncope codebase
anyway? We will need of course to keep them up-to-date either with
respect to Syncope and CXF / Karaf of course, so we will need CXF and
Karaf expertise - which we actually have :-)
Regards.
[1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
