[security-dev] New SSO/OAuth2 Project

Anil Saldhana Anil.Saldhana at redhat.com
Thu Apr 18 10:52:31 EDT 2013

Bill - looked at it now. Looks like a good start.

On 04/18/2013 09:48 AM, Anil Saldhana wrote:
> Bill, there is water everywhere here in Chicago. Major flooding. I have
> not looked at anything.
> On 04/18/2013 09:47 AM, Bill Burke wrote:
>> Anil, did you not see the link below?  The one where I said I started a
>> requirements document?
>> On 4/18/2013 10:45 AM, Anil Saldhana wrote:
>>> Bill,
>>>       I think we should start collecting the requirements some place. List
>>> out some high level topics as to what this project
>>> will do etc. The teams (Aerogear, GateIn etc) can give some pointers to
>>> what they like to have.  We can then figure
>>> out the goodies the project will provide.
>>> Regards,
>>> Anil
>>> On 04/18/2013 09:44 AM, Bill Burke wrote:
>>>> Hey all,
>>>> Mark Little approached me about starting a new project to provide an
>>>> SSO/OAuth2 solution for browser apps and RESTful web services.  We've
>>>> gotten some buy-in/signoff from Anil, but I'd like to get buy-in/signoff
>>>> from Boleslaw especially and the rest of you.
>>>> The idea is to provide an integrated SSO/OAuth2 solution for browser
>>>> apps and RESTful web services that can be used as a plugin for AS, a
>>>> standalone auth server, a cloud auth server, and/or a cloud SaaS.  The
>>>> end product being something hosted on OpenShift and usable by anybody.
>>>> I've started a requirements document and really need help rounding it out:
>>>> https://community.jboss.org/wiki/ResteasySkeletonKeyWebSSOOAuth
>>>> I also need help on the division of labor, if any with the Picketlink
>>>> team, or any individual on this team.  I'm fine doing all the work,
>>>> delegating pieces to individuals, and/or reusing parts of Picketlink.
>>>> What should the division of labor be?  My first thought is that I'd
>>>> build the service wholly or partially on the IDM API you all have been
>>>> working on.  That way you guys could focus on storage and federation
>>>> (i.e. with LDAP, et al.) and I could focus on UI, service, and protocol
>>>> aspects.
>>>> Also, as most of you already know, I've already done a ton of work so far:
>>>> http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html
>>>> Previously I had also even started prototyping a cloudable IDP service
>>>> using Infinispan as a backend store.
>>>> https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-key-idm/skeleton-key-idp
>>>> When the project is started, I'll be creating a new github project.  I'd
>>>> like to name the project "Resteasy Skeleton Key" or "Picketlink Skeleton
>>>> Key".
>>>> Thoughts?  Concerns?  Ideas? Insults? Whines? Cheers? Trash Talk? Once
>>>> things get moving we'll also be talking to PM and the Cloud BU.
