[security-dev] New SSO/OAuth2 Project

Bill Burke bburke at redhat.com
Thu Apr 18 10:47:14 EDT 2013 

Anil, did you not see the link below?  The one where I said I started a 
requirements document?

On 4/18/2013 10:45 AM, Anil Saldhana wrote:
> Bill,
>     I think we should start collecting the requirements some place. List
> out some high level topics as to what this project
> will do etc. The teams (Aerogear, GateIn etc) can give some pointers to
> what they like to have.  We can then figure
> out the goodies the project will provide.
>
> Regards,
> Anil
>
> On 04/18/2013 09:44 AM, Bill Burke wrote:
>> Hey all,
>>
>> Mark Little approached me about starting a new project to provide an
>> SSO/OAuth2 solution for browser apps and RESTful web services.  We've
>> gotten some buy-in/signoff from Anil, but I'd like to get buy-in/signoff
>> from Boleslaw especially and the rest of you.
>>
>> The idea is to provide an integrated SSO/OAuth2 solution for browser
>> apps and RESTful web services that can be used as a plugin for AS, a
>> standalone auth server, a cloud auth server, and/or a cloud SaaS.  The
>> end product being something hosted on OpenShift and usable by anybody.
>>
>> I've started a requirements document and really need help rounding it out:
>>
>> https://community.jboss.org/wiki/ResteasySkeletonKeyWebSSOOAuth
>>
>> I also need help on the division of labor, if any with the Picketlink
>> team, or any individual on this team.  I'm fine doing all the work,
>> delegating pieces to individuals, and/or reusing parts of Picketlink.
>> What should the division of labor be?  My first thought is that I'd
>> build the service wholly or partially on the IDM API you all have been
>> working on.  That way you guys could focus on storage and federation
>> (i.e. with LDAP, et. al.) and I could focus on UI, service, and protocol
>> aspects.
>>
>> Also, as most of you already know.  I've already done a ton of work so far:
>>
>> http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html
>>
>> Previously I had also even started prototyping a cloudable IDP service
>> using Infinispan as a backend store.
>>
>> https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-key-idm/skeleton-key-idp
>>
>> When the project is started, I'll be creating a new github project.  I'd
>> like to name the project "Resteasy Skeleton Key" or "Picketlink Skeleton
>> Key".
>>
>> Thoughts?  Concerns?  Ideas? Insults? Whines? Cheers? Trash Talk? Once
>> things get moving we'll also be talking to PM and the Cloud BU.
>>
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the security-dev mailing list