[keycloak-dev] M1 release scope

[Marek Posolda]

On 19.9.2013 14:29, Bill Burke wrote:
>
> On 9/19/2013 5:10 AM, Stian Thorgersen wrote:
>> Bill, I assume you would be happy with Marek adding MongoDB to M1 as long as we take on any work related to it?
>>
>> It's important for the MBaaS project.
> I'd be happy to ditch Picketlink and use Mongo.  Marek, is it something
> that can be learned quickly?
yes, I think it is. I can easily add the possibility to have 
automatically trigger startup of embedded Mongo DB, so you won't need to 
do/install anything special.

Besides that I've made some simple wrapper API for mapping, which will 
allow to have just annotations on getter/setter objects and 
automatically load/save whole object directly from/to MongoDB (Not 
something like full ORM but subset of it, which I hope is simplifying 
things and allow to lately add support for more things like indexes on 
some fields etc)

Marek
>
>> I think we need to have:
>>
> Keep in mind that this is just a milestone release to garner community
> interest and show Red Hat management that we're capable of delivering
> something.
>
>> * REST endpoints for admin tasks - managing realms, applications and users - it should be possible to authenticate to these using TokenService
>> * REST endpoints for user tasks - login, register, change password, etc. - same again authenticate using TokenService
>> * Document all REST endpoints
>> * Forms for required user actions - register, verify email, reset password, update profile (for social)
>>
> As I said in the OP, if we had a read-only backend that was just one or
> two big JSON or XML files, the admin could edit them directly.  Then
> there would be no need for a management REST or UI interface, no need
> for registration, email verification, reset password, etc...  We would
> just ship a token service, login page, and oauth grant page in this
> scenario.  As I mentioned in the OP, there's still a lot of work to do
> just to do this.
>
> Another option is to hold off on the Admin Web UI and do a console
> command line interface.  This would allow us to flush out the admin REST
> interfaces.
>
> All this depends when we want to do an M1 release.  If we're find with
> an end-of-year release, then we can keep doing what we're doing instead
> of refocusing.
>
>> The admin console could be (and should be IMO) separated out completely. To enable it you would register it as an application with the Keycloak server and configure it in the same way as you use any other application. This way it can be released separately to the main Keycloak server (and also deployed separately). I also think we should get rid of the authentication parts in SaasService and use TokenService instead. This is to reduce the duplicated effort, and also I think that's the correct approach in either case - the admin console (and any other consoles, cli, etc.) should just be applications registered with Keycloak and use public rest endpoints for authentication and to manage realms/apps/users.
>>
> Ok, that sounds good.  I agree that SaaS login and registration probably
> needs to go.  From our conversations it seems that we're not going to be
> deploying Keycloak as a SaaS that services multiple accounts, even in a
> cloud environment.   All this effects the design of the backend and how
> we bootstrap, configure, and install Keycloak.  We need a separate email
> thread to discuss this.
>
>
>