On 19.9.2013 03:11, Bill Burke wrote:
We need to decide what we want to do for M1. Here's my stab at
it.
Let's discuss in email first as much as we can and then have a hangout
sometime next week to go over it and nail things down.
First and foremost. We have to focus. No new features. No playing
around. For example: no adding refresh token support. No client-cert
support. No changes to protocols. No new backends. Let's just use
Picketlink JDBC. No 'forgot password' using SMS, etc... You get the
picture.
At this moment, I have working MongoDB backend and I would like to send
PR with it by the end of this week. I just need to adapt this with
latest changes in RealmModel and UserModel interfaces (added new fields
related to requiredActions and totp).
TBH I don't know why to not have it as part of M1? I am not seeing any
disadvantages for people to have possibility to choose from more
backends? Another thing is that it is easier for people to see or edit
DB content directly in MongoDB database. Of course it's not so easy as
directly edit XML/JSON file, but much easier than Picketlink IDM DB
schema, which is quite complex.
I am seeing just one disadvantage that every change in model interfaces
needs to be adapted to both backend implementations, but you can always
workaround this by implement stuff just for Picketlink and create JIRA
for me to adapt changes to MongoDB backend. I can also disable MongoDB
unit tests by default (ATM I have them enabled by default in my branch)
Marek
Required:
* Social Broker login with as many providers as possible. Minimally
Google and Facebook.
* SSO and SLO (Single Log Out)
* Password and TOTP login
* OAuth Client Grant support
* Example with apps using all o these features
* Keycloak website setup and finalized
* Online video walking through a demonstration of features
* Online video walking though how to configure it
* JBoss 7.1.x Community and JBoss EAP 6.1 support
Knowing this there are two paths we can take. We can either include an
Admin UI in M1 or not. IMO, if we do *NOT* have an Admin UI for M1, we
probably need to not have registration or account management. Here's
what it might look like:
Option #1: No Input UIs
* A read-only XML/JSON file-based backend. Users must edit this to add
users, roles, etc...
* No Admin UI
* No Registration, forgotten passwords, account management. All these
require runtime updates to the database.
* What would we do about social though? As it requires registration?
Work required (time estimates could take shorter or longer depending on
interruptions):
* 1-2 man-weeks to do file-based back-end
* 1-5 days to design the OAuth Grant Pages.
* 1 day to incorporate Grant pages
* Do we want fancier demo apps to show SSO and OAuth Grants? If so,
this is minimum 2 weeks. 1 to get Event Juggler hooked into Keycloak.
1+ weeks to create another related SSO application. 1+ more to create
an OAuth application.
* 1 week to organize the Website and create demo videos.
* 1-2 weeks for documentation
* 1+ weeks to decide and implement how we're going to distribute
keycloak. Will it be a AS7 and/or EAP distro? A WAR? etc...
So best case scenario is end of October. It would minimally require
myself and Gabriel. Others would be needed if we want fancier demo apps
as it is beyond my ability to create a nice looking demo app in a short
period of time.
Option #2: UIs
This would take a lot more work as we would need to finish up the admin,
registration, and account management UIs. I'd say Christmas time would
be a viable M1 release for this. This would require everybody.