Hi guys, It took me some time to answer, because I had to talk with my project team in order to make a decision, and I also wanted to let people here comment on this subject.
We though the current discussion could be split into the two following issues : * The first one concerns the place of the integration point. * The second one concerns the binary distribution of both packages (jcaptcha in acegi or acegi in jcaptcha) * On the Place of the integration point matter: We agree with you both : - This integration point is not only about integration, but deals also with specific security issues (when to ask the user to solve a captcha, how to forward his request, ect...), and this is not in the scope of the jcaptcha project. - This integration point should be more tied to acegi than to jcaptcha, using a lot of acegi objects and only one interface from jcaptcha. - We also share Georges' vision concerning the idea of this adapter : lets build an open and independant captcha adapter system. As a consequence : -We think that it would be nice to have a generic captcha adapter in acegi -I would be very pleased to help you in designing and implementing such a solution. Have you already put together a team to do it? -I can commit my adapter code, under your license and copyright, as soon as you give me the access to your VSC. * Concerning distribution -Let me just say that the jcaptcha team 's goal is not to become the most downloaded project of sourceforge. Our primary and still first objective is to provide a reliable and extensible framework to build captchas. We are not particulary looking forward to having all acegi users become jcaptcha users. Our goal is to provide solutions for jcaptcha users to help them to integrate captchas in theirs applications. -We have a problem concerning our respective projects licenses : Acegi is under Apache2, and JCaptcha is under LGPL. These licenses are not compatible and thus acegi cannot bundle JCaptcha in its distribution. As a consequence : -We may work on a special aggreement on this point, i'm currently gathering my team opinion. -We may build a sample application under a compatible license. Finally, I just wanted to add that we are very excited here about the acegi-captcha adaptor. What are your thoughs on this ? Best regards MAG -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Franciscus Sent: lundi 27 juin 2005 05:22 To: [email protected] Subject: Re: [Acegisecurity-developer] Captcha I think the most convincing argument to placing the integration point in Acegi is that one day there could be other Captcha implementations. Acegi based Captcha interfaces and adapters allows people to swap their implementations in/out as the need arise ... in the spirit of Spring and Acegi! I'll post my raw code in JIRA so you take a look. ----- Original Message ----- From: "Ben Alex" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Sunday, June 26, 2005 12:37 AM Subject: Re: [Acegisecurity-developer] Captcha > Marc-Antoine Garrigue wrote: > > > Ben Alex told me recently that the API is now stabilized and thus we > > planned to share our code before two weeks and release it this summer. > > What is your opinion about the plan? > > Hi George and Marc-Antoine > > George, if you post your code against the JIRA task I would be pleased > to take a look and explore integration. > > Marc-Antoine, I believe the Acegi Security-JCaptcha integration would be > better maintained within the Acegi Security project, for a few reasons: > > * I would like to give Acegi Security users the benefits of JCaptcha > without having to download it separately. People will like seeing > JCaptcha demonstrated in the Contacts sample application included with > Acegi Security. Many people cut 'n' copy the sample code into their own > application, so many will keep the JCaptcha integration. In reverse, I > cannot imagine JCaptcha having a sample application that demonstrates > Acegi Security features. > * The specific approach to JCaptcha integration with Acegi Security > configuration attributes, filter security interceptor, the ThreadLocal > and Authentication object is likely to develop over time. As decisions > about when to invoke JCaptcha and record the outcome are more concerns > of Acegi Security, it seems more desirable the integration be managed in > the latter's source code. > * Luke is well-progressed on a web.xml to Acegi Security migration tool > (http://opensource.atlassian.com/projects/spring/browse/SEC-1). In a > later version we will include as part of the wizard process a question, > "would you like JCaptcha services?" or similar. This will allow people > addressing their webapp security to adopt JCaptcha. We can only ask this > question if JCaptcha is included with Acegi Security. > * In terms of exposure by where to bundle, many Spring users who > download Acegi Security would be unaware of JCaptcha. So bundling > JCaptcha with Acegi Security will increase exposure of JCaptcha. On the > other hand, Spring users who download JCaptcha will probably already be > aware of Acegi Security (due to the forum, reference documentation, > subproject status, several books on it etc). I cannot therefore see > Acegi Security increasing its user base by being bundled with JCaptcha, > whereas I can see an exposure benefit to JCaptcha by being bundled with > Acegi Security. > * Acegi Security already bundles the CAS client, so a precedent has been > set of placing third party project integration within Acegi Security. > The CAS integration demonstrates what I was referring to earlier about > the integration being more tightly coupled with Acegi Security than CAS, > with the latter offering well-defined protocol standards. > * JCaptcha has currently had 4,498 downloads > (http://sourceforge.net/project/stats/index.php?group_id=97877&ugn=jcaptcha&; type=&mode=alltime) > whilst Acegi Security has currently had 21,468 > (http://sourceforge.net/project/stats/index.php?group_id=104215&ugn=acegisec urity&type=&mode=alltime). > Both projects have been around for a similar length of time. Given this, > it seems reasonable to have greater confidence in my earlier point that > JCaptcha exposure would increase through being bundled with Acegi > Security, as opposed to the other way around. > > It would be good to work with you on this. If you wanted to maintain the > JCaptcha integration within Acegi Security, I would be pleased to give > you CVS access to ensure ongoing integration compatibility. > > I welcome other people's comments on this. I am just trying to achieve > maximum awareness and exposure for both projects, as JCaptcha is a good > solution which I know people will use if it's easy for them to do so. > > Cheers > Ben > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
