On 09/12/2015 13:16, Tony Stevenson wrote:
Francesco,
As I said in HipChat, I'd love to be able to say that we can do this.
But the fact is right now infra are tied up for at least 6 months.
I think the best way to gain any traction on this is for the Syncope PMC
to stand up a PoC that replaces 1 (or more) of the components used.
As anticipated via HipChat, this is actually the deep sense of my
proposal, e.g. the direct engagement of Syncope PMC - not only,
actually, but anyone interested - for supporting the infra team.
A PoC sounds like a straight, concrete and limited way to start
approaching IdM at ASF with Syncope.
i.e. these might include:
- https://id.apache.org (The end-user part of it)
- acreq - The user account request workflow
- Identity Management as a whole.
- PMC karma management
I will be more than happy to help guide the PMC, and give you an ASF VM
on which you can stand up your PoC, and guide you on the business logic
already in place for any of these tools.
That's good - IMO we need:
1. a place where to ask for information, provide feedback, etc. (shall
we keep crossposting infra@ and dev@syncope?)
2. VM
3. SCM
4. (possibly) some issue tracker (not necessarily JIRA, something
simpler would fit the job as well)
5. (nice to have) some wiki (not necessarily Confluence, something
simpler would fit the job as well)
For a long time we have tried to manage identity, or some cut-down
version of it, solely via LDAP. Then we added id.apache.org, and then
acreq was added. They were all really disjointed efforts. If we can
bring all this under one roof, and make it usable I think it will be a
win.
The idea of a PoC is to be able to demonstrate that Syncope could
basically be dropped in, and replace one of these components.
We'd also want some decent handover and/or training from the Syncope
community. I'm not sure we'd accept it if the community wanted to
support it on it's own, because the sad fact is people move on, and we
would be left with a critical piece of the jigsaw remaining unsupported.
Agree on this last point as well: I'd suggest to identify someone from
the infra team which could follow activities, provide inputs, etc since
the beginning.
Regards.
On Wed, 9 Dec 2015, at 12:06 PM, Francesco Chicchiriccò wrote:
[Re-sending to infra@ after quick chat with infra]
Howdy Infra,
following a discussion [1] we had on Syncope PMC list, I would like to
start a thread around possible usage of Apache Syncope for managing
identity flows within the ASF infrastructure.
Let me start with a real-life sample: I have recently been asked to join
CXF as committer (good to me!).
I know from [2] that, since I already own an ASF id, someone from CXF
PMC had to run a perl script on people.apache.org in order to add myself
to the LDAP commiter group for CXF.
If instead this was my first invitation, someone had to prior request
for an account [3] (note the different link for PMC chairs and PMC
members) and trigger a (manual) approval process which ensures at least
the availability of the chosen ASF id and the presence of a valid ICLA
which can be "reconciled" with such request.
Once in, someone with enough karma still needs to grant me proper access
to JIRA and Confluence (and / or more applications).
If I'd like to change my password and manage my own details (including
SSH and GPG) I can log into [4].
Naturally, I have omitted several parts of the process, especially the
ones related to becoming PMC [5] or ASF member, which are even more
involved.
As Syncope PMC, we believe it is worth to explore the possibility of
using Syncope for driving the processes summarized above, and more.
I see this as a win-win situation: Infra will benefit from introducing a
proper tool for the job, and Syncope will get more visibility both
within the foundation and externally (think to some post(s) by Infra
describing this work).
In the past I have exchanged some e-mails with Tony Stevenson about this
topic, and it seemed to me he was interested on the topic, even though
at a certain point we did not follow up.
Should you be interested, we are available to discuss in order to
identify together the required steps, and also to provide material help,
if required.
Looking forward for your reply.
Regards.
[1]
https://mail-search.apache.org/members/private-arch/syncope-private/201511.mbox/%[email protected]%3E
[2] https://www.apache.org/dev/pmc.html#karma
[3] https://id.apache.org/acreq/
[4] https://id.apache.org/
[5] https://www.apache.org/dev/pmc.html#newpmc
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/
