Re: Fw: Announcing that Apache Oltu has been moved to the Attic

Ryan Goulding <ryandgoulding@...>

One possible stop-gap measure is to temporarily fork a minimal set of oltu code into the AAA repository since we use very little anyway [0].  I do believe we will want to eventually get rid of the AAA OAuth2 Provider anyway in favor of federation with existing OAuth2 system(s), since AAA team has attempted to avoid becoming an IdP.  If we combined [0] with deprecating the HTTP API(s) in Fluorine, followed by an investigation of OAuth2 Provider federation, I think we will be in much better shape.  Thoughts?  [0] will get us away from org.json as well, since the upstream migration was never released but is in the code!

Owning an OAuth2 Provider is costly, and I believe many solutions suggest using OpenID instead.  The fact is, ODL is a Network Controller, not a tokening system.  Right now, our OAuth2 system does not really reflect an accurate OAuth2 deployment model, and is really closer to an OAuth1 authentication tokening system anyway. Open to entertain conversation on this.

On Wed, Apr 11, 2018 at 1:39 PM, Ryan Goulding <ryandgoulding@...> wrote:
Thanks for forwarding on this announcement, Stephen.  We will need to start investigating proper replacements soon.

Best Regards,

Ryan Goulding

On Mon, Apr 9, 2018 at 3:54 AM, Stephen Kitt <skitt@...> wrote:
Hello AAA devs,

This is relevant to AAA... (I know Ryan intended to move away from
Oltu, this just adds another nail to the coffin.)



Begin forwarded message:

Date: Sun, 8 Apr 2018 13:49:00 +0200
From: jani@...
To: announce@...
Subject: Announcing that Apache Oltu has been moved to the Attic

Announcing that the Apache Oltu committers have voted to retire the
project due to inactivity. Oltu was an OAuth protocol implementation in
Java. It also covers others "OAuth family" related implementations such
as JWT, JWS and OpenID Connect.

Retiring a project is not as simple as turning everything off, as
existing users need to both know that the project is retiring and
retain access to the necessary information for their own development
efforts. You can read more about Oltu's retirement at: The user mailing list
remains open, while the rest of the project's resources will continue
to be available in a read-only state - website, wikis, svn, downloads
and bug tracker with no change in url. Providing process and solutions
to make it clear when an Apache project has reached its end of life is
the role of the Apache Attic, and you can read more about that at:

Thanks, Jan Iversen on behalf of the Apache Attic and the now retired
Apache Oltu project

Stephen Kitt
Principal Software Engineer, Office of the CTO
Red Hat

aaa-dev mailing list

Join to automatically receive all group messages.