[keycloak-dev] M1 release scope

Wed Sep 18 21:11:18 EDT 2013

We need to decide what we want to do for M1.  Here's my stab at it. 
Let's discuss in email first as much as we can and then have a hangout 
sometime next week to go over it and nail things down.

First and foremost.  We have to focus.  No new features.  No playing 
around.  For example:  no adding refresh token support.  No client-cert 
support.  No changes to protocols. No new backends.  Let's just use 
Picketlink JDBC.  No 'forgot password' using SMS, etc... You get the 
picture.

Required:

* Social Broker login with as many providers as possible.  Minimally 
Google and Facebook.
* SSO and SLO (Single Log Out)
* Password and TOTP login
* OAuth Client Grant support
* Example with apps using all o these features
* Keycloak website setup and finalized
* Online video walking through a demonstration of features
* Online video walking though how to configure it
* JBoss 7.1.x Community and JBoss EAP 6.1 support

Knowing this there are two paths we can take.  We can either include an 
Admin UI in M1 or not.  IMO, if we do *NOT* have an Admin UI for M1, we 
probably need to not have registration or account management.  Here's 
what it might look like:

Option #1: No Input UIs

* A read-only XML/JSON file-based backend.  Users must edit this to add 
users, roles, etc...
* No Admin UI
* No Registration, forgotten passwords, account management.  All these 
require runtime updates to the database.
* What would we do about social though?  As it requires registration?

Work required (time estimates could take shorter or longer depending on 
interruptions):
* 1-2 man-weeks to do file-based back-end
* 1-5 days to design the OAuth Grant Pages.
* 1 day to incorporate Grant pages
* Do we want fancier demo apps to show SSO and OAuth Grants?  If so, 
this is minimum 2 weeks.  1 to get Event Juggler hooked into Keycloak. 
1+ weeks to create another related SSO application.  1+ more to create 
an OAuth application.
* 1 week to organize the Website and create demo videos.
* 1-2 weeks for documentation
* 1+ weeks to decide and implement how we're going to distribute 
keycloak.  Will it be a AS7 and/or EAP distro?  A WAR?  etc...

So best case scenario is end of October.  It would minimally require 
myself and Gabriel.  Others would be needed if we want fancier demo apps 
as it is beyond my ability to create a nice looking demo app in a short 
period of time.

Option #2: UIs

This would take a lot more work as we would need to finish up the admin, 
registration, and account management UIs.  I'd say Christmas time would 
be a viable M1 release for this.  This would require everybody.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com