If the Syncope community is willing to make a Proof of Concept and deploy/manage it, I see no reason not to give them a box for it :)
As Tony said, this is something that's far out in the future in terms of implementing in the ASF, but that doesn't mean you can get started on a conceptual demo. So +1 to that. With regards, Daniel. On 12/09/2015 01:52 PM, Francesco Chicchiriccò wrote: > On 09/12/2015 13:16, Tony Stevenson wrote: >> Francesco, >> >> As I said in HipChat, I'd love to be able to say that we can do this. >> But the fact is right now infra are tied up for at least 6 months. >> >> I think the best way to gain any traction on this is for the Syncope PMC >> to stand up a PoC that replaces 1 (or more) of the components used. > > As anticipated via HipChat, this is actually the deep sense of my > proposal, e.g. the direct engagement of Syncope PMC - not only, > actually, but anyone interested - for supporting the infra team. > > A PoC sounds like a straight, concrete and limited way to start > approaching IdM at ASF with Syncope. > >> i.e. these might include: >> >> - https://id.apache.org (The end-user part of it) >> - acreq - The user account request workflow >> - Identity Management as a whole. >> - PMC karma management >> >> I will be more than happy to help guide the PMC, and give you an ASF VM >> on which you can stand up your PoC, and guide you on the business logic >> already in place for any of these tools. > > That's good - IMO we need: > > 1. a place where to ask for information, provide feedback, etc. (shall > we keep crossposting infra@ and dev@syncope?) > 2. VM > 3. SCM > 4. (possibly) some issue tracker (not necessarily JIRA, something > simpler would fit the job as well) > 5. (nice to have) some wiki (not necessarily Confluence, something > simpler would fit the job as well) > >> For a long time we have tried to manage identity, or some cut-down >> version of it, solely via LDAP. Then we added id.apache.org, and then >> acreq was added. They were all really disjointed efforts. If we can >> bring all this under one roof, and make it usable I think it will be a >> win. >> >> The idea of a PoC is to be able to demonstrate that Syncope could >> basically be dropped in, and replace one of these components. >> >> We'd also want some decent handover and/or training from the Syncope >> community. I'm not sure we'd accept it if the community wanted to >> support it on it's own, because the sad fact is people move on, and we >> would be left with a critical piece of the jigsaw remaining unsupported. > > Agree on this last point as well: I'd suggest to identify someone from > the infra team which could follow activities, provide inputs, etc since > the beginning. > > Regards. > >> On Wed, 9 Dec 2015, at 12:06 PM, Francesco Chicchiriccò wrote: >>> [Re-sending to infra@ after quick chat with infra] >>> >>> Howdy Infra, >>> following a discussion [1] we had on Syncope PMC list, I would like to >>> start a thread around possible usage of Apache Syncope for managing >>> identity flows within the ASF infrastructure. >>> >>> Let me start with a real-life sample: I have recently been asked to join >>> CXF as committer (good to me!). >>> >>> I know from [2] that, since I already own an ASF id, someone from CXF >>> PMC had to run a perl script on people.apache.org in order to add myself >>> to the LDAP commiter group for CXF. >>> >>> If instead this was my first invitation, someone had to prior request >>> for an account [3] (note the different link for PMC chairs and PMC >>> members) and trigger a (manual) approval process which ensures at least >>> the availability of the chosen ASF id and the presence of a valid ICLA >>> which can be "reconciled" with such request. >>> >>> Once in, someone with enough karma still needs to grant me proper access >>> to JIRA and Confluence (and / or more applications). >>> >>> If I'd like to change my password and manage my own details (including >>> SSH and GPG) I can log into [4]. >>> >>> Naturally, I have omitted several parts of the process, especially the >>> ones related to becoming PMC [5] or ASF member, which are even more >>> involved. >>> >>> As Syncope PMC, we believe it is worth to explore the possibility of >>> using Syncope for driving the processes summarized above, and more. >>> I see this as a win-win situation: Infra will benefit from introducing a >>> proper tool for the job, and Syncope will get more visibility both >>> within the foundation and externally (think to some post(s) by Infra >>> describing this work). >>> >>> In the past I have exchanged some e-mails with Tony Stevenson about this >>> topic, and it seemed to me he was interested on the topic, even though >>> at a certain point we did not follow up. >>> >>> Should you be interested, we are available to discuss in order to >>> identify together the required steps, and also to provide material help, >>> if required. >>> >>> Looking forward for your reply. >>> Regards. >>> >>> [1] >>> https://mail-search.apache.org/members/private-arch/syncope-private/201511.mbox/%[email protected]%3E >>> >>> [2] https://www.apache.org/dev/pmc.html#karma >>> [3] https://id.apache.org/acreq/ >>> [4] https://id.apache.org/ >>> [5] https://www.apache.org/dev/pmc.html#newpmc >
