[security-dev] New SSO/OAuth2 Project

Anil Saldhana Anil.Saldhana at redhat.com
Thu Apr 18 10:48:31 EDT 2013

Bill, there is water everywhere here in Chicago. Major flooding. I have 
not looked at anything.

On 04/18/2013 09:47 AM, Bill Burke wrote:
> Anil, did you not see the link below?  The one where I said I started a
> requirements document?
> On 4/18/2013 10:45 AM, Anil Saldhana wrote:
>> Bill,
>>      I think we should start collecting the requirements some place. List
>> out some high level topics as to what this project
>> will do etc. The teams (Aerogear, GateIn etc) can give some pointers to
>> what they like to have.  We can then figure
>> out the goodies the project will provide.
>> Regards,
>> Anil
>> On 04/18/2013 09:44 AM, Bill Burke wrote:
>>> Hey all,
>>> Mark Little approached me about starting a new project to provide an
>>> SSO/OAuth2 solution for browser apps and RESTful web services.  We've
>>> gotten some buy-in/signoff from Anil, but I'd like to get buy-in/signoff
>>> from Boleslaw especially and the rest of you.
>>> The idea is to provide an integrated SSO/OAuth2 solution for browser
>>> apps and RESTful web services that can be used as a plugin for AS, a
>>> standalone auth server, a cloud auth server, and/or a cloud SaaS.  The
>>> end product being something hosted on OpenShift and usable by anybody.
>>> I've started a requirements document and really need help rounding it out:
>>> https://community.jboss.org/wiki/ResteasySkeletonKeyWebSSOOAuth
>>> I also need help on the division of labor, if any with the Picketlink
>>> team, or any individual on this team.  I'm fine doing all the work,
>>> delegating pieces to individuals, and/or reusing parts of Picketlink.
>>> What should the division of labor be?  My first thought is that I'd
>>> build the service wholly or partially on the IDM API you all have been
>>> working on.  That way you guys could focus on storage and federation
>>> (i.e. with LDAP, et. al.) and I could focus on UI, service, and protocol
>>> aspects.
>>> Also, as most of you already know.  I've already done a ton of work so far:
>>> http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html
>>> Previously I had also even started prototyping a cloudable IDP service
>>> using Infinispan as a backend store.
>>> https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-key-idm/skeleton-key-idp
>>> When the project is started, I'll be creating a new github project.  I'd
>>> like to name the project "Resteasy Skeleton Key" or "Picketlink Skeleton
>>> Key".
>>> Thoughts?  Concerns?  Ideas? Insults? Whines? Cheers? Trash Talk? Once
>>> things get moving we'll also be talking to PM and the Cloud BU.
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list