[keycloak-dev] M1 release scope

Marek Posolda mposolda at redhat.com
Thu Sep 19 04:28:12 EDT 2013


On 19.9.2013 03:11, Bill Burke wrote:
> We need to decide what we want to do for M1.  Here's my stab at it.
> Let's discuss in email first as much as we can and then have a hangout
> sometime next week to go over it and nail things down.
>
> First and foremost.  We have to focus.  No new features.  No playing
> around.  For example:  no adding refresh token support.  No client-cert
> support.  No changes to protocols. No new backends.  Let's just use
> Picketlink JDBC.  No 'forgot password' using SMS, etc... You get the
> picture.
At this moment, I have working MongoDB backend and I would like to send 
PR with it by the end of this week. I just need to adapt this with 
latest changes in RealmModel and UserModel interfaces (added new fields 
related to requiredActions and totp).

TBH I don't know why to not have it as part of M1? I am not seeing any 
disadvantages for people to have possibility to choose from more 
backends? Another thing is that it is easier for people to see or edit 
DB content directly in MongoDB database. Of course it's not so easy as 
directly edit XML/JSON file, but much easier than Picketlink IDM DB 
schema, which is quite complex.

I am seeing just one disadvantage that every change in model interfaces 
needs to be adapted to both backend implementations, but you can always 
workaround this by implement stuff just for Picketlink and create JIRA 
for me to adapt changes to MongoDB backend. I can also disable MongoDB 
unit tests by default (ATM I have them enabled by default in my branch)

Marek

>
> Required:
>
> * Social Broker login with as many providers as possible.  Minimally
> Google and Facebook.
> * SSO and SLO (Single Log Out)
> * Password and TOTP login
> * OAuth Client Grant support
> * Example with apps using all o these features
> * Keycloak website setup and finalized
> * Online video walking through a demonstration of features
> * Online video walking though how to configure it
> * JBoss 7.1.x Community and JBoss EAP 6.1 support
>
> Knowing this there are two paths we can take.  We can either include an
> Admin UI in M1 or not.  IMO, if we do *NOT* have an Admin UI for M1, we
> probably need to not have registration or account management.  Here's
> what it might look like:
>
> Option #1: No Input UIs
>
> * A read-only XML/JSON file-based backend.  Users must edit this to add
> users, roles, etc...
> * No Admin UI
> * No Registration, forgotten passwords, account management.  All these
> require runtime updates to the database.
> * What would we do about social though?  As it requires registration?
>
> Work required (time estimates could take shorter or longer depending on
> interruptions):
> * 1-2 man-weeks to do file-based back-end
> * 1-5 days to design the OAuth Grant Pages.
> * 1 day to incorporate Grant pages
> * Do we want fancier demo apps to show SSO and OAuth Grants?  If so,
> this is minimum 2 weeks.  1 to get Event Juggler hooked into Keycloak.
> 1+ weeks to create another related SSO application.  1+ more to create
> an OAuth application.
> * 1 week to organize the Website and create demo videos.
> * 1-2 weeks for documentation
> * 1+ weeks to decide and implement how we're going to distribute
> keycloak.  Will it be a AS7 and/or EAP distro?  A WAR?  etc...
>
> So best case scenario is end of October.  It would minimally require
> myself and Gabriel.  Others would be needed if we want fancier demo apps
> as it is beyond my ability to create a nice looking demo app in a short
> period of time.
>
> Option #2: UIs
>
> This would take a lot more work as we would need to finish up the admin,
> registration, and account management UIs.  I'd say Christmas time would
> be a viable M1 release for this.  This would require everybody.
>
>



More information about the keycloak-dev mailing list