Aside: I've had second thoughts on JWT. I think it's not suitable for what we discussed, after reading this: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/. Think particularly about how you would log out, or invalidate a token if a user's credentials were compromised (you can't, basically). This thread's not the place to discuss this but I wouldn't suggest it in connection with GSoC.
On Tue, 23 Jan 2018 at 21:49 Richard Downer <[email protected]> wrote: > Hi Thomas, > > Your proposal for the UI looks good now. Let's give it another day or two > to see if there's more comments, and then I'd be in favour of making it > official and adding the gsoc2018 tag. > > About my proposal for the authentication rework - I was actually worried > that the basic task might be too easy, which is why I fleshed out the > requirements in more detail! After all, adding authorisation by token and a > basic user directory should be possible in one month, let alone three. > However I'd imagine that the only essential part is the basic functionality > as long as its designed with the other goals in mind - the rest of it can > be stretch goals, and done after GSoC conclusion if necessary. Are my > expectations realistic or am I on a different planet? :-) > > JWT is definitely a suggestion I'd make too, but probably at the stage > where the project kicks off rather than making it a requirement at this > stage. > > Cheers > Richard. > > > On 23 January 2018 at 17:03, Thomas Bouron < > [email protected]> > wrote: > > > I updated the JIRA with your ideas Richard, available at [1]. > > > > Regarding the one you created, I like it very much, that would be great > to > > have this! I'm just a bit afraid about the scope, sounds very large. > Maybe > > should we try to reduce it by suggesting a particular direction, i.e. > JWT? > > I remember Mark talking about this but it never got implemented. WDYT? > > > > Best. > > > > [1] https://issues.apache.org/jira/browse/BROOKLYN-575 > > > > On Tue, 23 Jan 2018 at 16:10 Thomas Bouron <thomas.bouron@cloudsoftcorp. > > com> > > wrote: > > > > > Thanks for the feedback Richard! > > > > > > I like your ideas and it's probably worth indeed. Although, I read the > > > GSoC FAQ and it does says[1] > > > > > > > There is an art to writing a project description that leads to good > > > student applications. It is tempting to write a detailed project plan > for > > > the student to follow. However, students tend to echo such plans in > their > > > applications, making it difficult to evaluate their quality. It is > better > > > to briefly describe a general high-level need, and the motivation > behind > > > that need. Keeping the scope modest helps encourage more applicants, > > while > > > adding a “stretch” goal to the project description may encourage > stronger > > > students to take on the challenge of meeting it. > > > > > > So I'm not sure we need to go into that length. Maybe something in > > > between? I'll make some amends and get back to you. > > > > > > Best > > > > > > [1] > > > > https://google.github.io/gsocguides/mentor/defining-a-project-ideas-list > > > > > > On Tue, 23 Jan 2018 at 15:41 Richard Downer <[email protected]> > wrote: > > > > > >> This is a great start :-) and thanks for volunteering to mentor, too. > > >> > > >> I'm wondering if we should expand this out with some more introductory > > >> material, and expand a bit more on the skills required? I'm assuming > > that > > >> prospective GSoC students would see only the content of the JIRA, so > > maybe > > >> setting some more context would be appropriate. > > >> > > >> Perhaps open with... > > >> > > >> "Apache Brooklyn is a tool for running stuff in "the cloud", such as > > >> Amazon > > >> EC2. In more detail, it's a tool for describing applications and their > > >> components, deploying these applications to the cloud, and managing > the > > >> ongoing health and responsiveness. Brooklyn does this using > blueprints - > > >> human readable documents which describe in detail an application > > >> component, > > >> or a whole application. Blueprints are stored in a catalog, > essentially > > a > > >> built-in database of components and applications. An application > > blueprint > > >> can call on component blueprints from the catalog, therefore allowing > > >> complex applications to be built from simple pieces." > > >> > > >> I'd maybe also remove the prescribed list of views in favour of > > something > > >> more general. Our student may come up with a radical new idea that we > > had > > >> not considered! Example: > > >> > > >> "The UI should facilitate three main tasks: (1) deploying an > > application; > > >> (2) viewing and managing deployed applications; (3) viewing and > managing > > >> the catalog. There may also be further auxiliary tasks that the UI > will > > >> need to support, such as a REST API explorer." > > >> > > >> Finally I'd suggest we talk about the skills that the task will > require > > - > > >> although we should be careful not to frame these as prerequisites, as > it > > >> is > > >> the aim that the student will have to learn something :-) > > >> > > >> "The project for green-field development of a new web based UI will > > >> involve: selecting a modern Javascript web framework; working with > REST > > >> APIs; a visually appealing design; an easy-to-use user experience. The > > >> server side API is written in Java but an understanding of Java is NOT > > >> required." > > >> > > >> WDYT? > > >> > > >> Cheers > > >> Richard > > >> > > >> On 23 January 2018 at 15:02, Thomas Bouron < > > >> [email protected]> > > >> wrote: > > >> > > >> > Hi all. > > >> > > > >> > I create a JIRA for this[1] following the instructions from Ulrich. > I > > >> > haven't tag it properly because I wanted to run the JIRA through you > > >> all to > > >> > check if everything was ok and in case you wanted to add something > > else. > > >> > > > >> > Assuming I don't get comments, I would gladly put myself as a mentor > > for > > >> > this one. > > >> > > > >> > WDYT? > > >> > > > >> > Best. > > >> > > > >> > [1] https://issues.apache.org/jira/browse/BROOKLYN-575 > > >> > > > >> > On Tue, 23 Jan 2018 at 11:21 Thomas Bouron > > <thomas.bouron@cloudsoftcorp. > > >> > com> > > >> > wrote: > > >> > > > >> > > Hi Richard. > > >> > > > > >> > > I love the idea of having a replacement GUI project for this, > sounds > > >> like > > >> > > a very good opportunity for everyone to learn a new thing. > > >> > > I'll try to draft a proposal this week. > > >> > > > > >> > > Best. > > >> > > > > >> > > On Tue, 23 Jan 2018 at 10:45 Richard Downer <[email protected]> > > >> wrote: > > >> > > > > >> > >> Hi all, > > >> > >> > > >> > >> Apache is gearing up for Google Summer of Code 2018. All Apache > > >> projects > > >> > >> have been invited to submit their ideas for GSoC projects. > > >> > >> > > >> > >> For those not familiar with GSoC, the idea is during that > students > > >> will > > >> > >> use > > >> > >> their summer break to embark on a 3-month programming project > with > > an > > >> > open > > >> > >> source organisation. > > >> > >> > > >> > >> If we want to take part then we simply need to come up with some > > >> > suitable > > >> > >> ideas and open a JIRA ticket with suitable labels. We'll also > need > > >> > mentors > > >> > >> to work with our students - mentors will need to keep a > continuous > > >> > dialog > > >> > >> with their student and expect to consume 3-5 hours a week in that > > >> role. > > >> > >> > > >> > >> **Deadline for this is 30th January - Tuesday next week** > > >> > >> > > >> > >> Any ideas for GSoC projects - projects that can be completed in 3 > > >> months > > >> > >> by > > >> > >> a student? > > >> > >> > > >> > >> Our GUI is somewhat dated - a replacement GUI project? > > >> > >> > > >> > >> A project to add support for updating a blueprint of a running > > >> > >> application? > > >> > >> > > >> > >> Anything else? > > >> > >> > > >> > >> > > >> > >> A bit more information from Ulrich Stärk who is running the > Apache > > >> side > > >> > of > > >> > >> GSoC: > > >> > >> > > >> > >> Google Summer of Code [1] is a program sponsored by Google > allowing > > >> > >> students to spend their summer working on open source software. > > >> Students > > >> > >> will receive stipends for developing open source software > full-time > > >> for > > >> > >> three months. Projects will provide mentoring and project ideas, > > and > > >> in > > >> > >> return have the chance to get new code developed and - most > > >> importantly > > >> > - > > >> > >> to identify and bring in new committers. > > >> > >> > > >> > >> The ASF will apply as a participating organization meaning > > individual > > >> > >> projects don't have to apply > > >> > >> separately. > > >> > >> > > >> > >> If you want to participate with your project we ask you to do the > > >> > >> following > > >> > >> things as soon as > > >> > >> possible but please no later than 2017-01-30: > > >> > >> > > >> > >> 1. understand what it means to be a mentor [2]. > > >> > >> > > >> > >> 2. record your project ideas. > > >> > >> > > >> > >> > > >> > >> [1] https://summerofcode.withgoogle.com/ > > >> > >> [2] http://community.apache.org/guide-to-being-a-mentor.html > > >> > >> > > >> > > > > >> > > > > >> > > -- > > >> > > > > >> > > Thomas Bouron • Senior Software Engineer @ Cloudsoft Corporation • > > >> > > https://cloudsoft.io/ > > >> > > Github: https://github.com/tbouron > > >> > > Twitter: https://twitter.com/eltibouron > > >> > > > > >> > > > >> > > > >> > -- > > >> > > > >> > Thomas Bouron • Senior Software Engineer @ Cloudsoft Corporation • > > >> > https://cloudsoft.io/ > > >> > Github: https://github.com/tbouron > > >> > Twitter: https://twitter.com/eltibouron > > >> > > > >> > > > > > > > > > -- > > > > > > Thomas Bouron • Senior Software Engineer @ Cloudsoft Corporation • > > > https://cloudsoft.io/ > > > Github: https://github.com/tbouron > > > Twitter: https://twitter.com/eltibouron > > > > > > > > > -- > > > > Thomas Bouron • Senior Software Engineer @ Cloudsoft Corporation • > > https://cloudsoft.io/ > > Github: https://github.com/tbouron > > Twitter: https://twitter.com/eltibouron > > >
