This group is locked. No changes can be made to the group while it is locked.
Re: Fw: Announcing that Apache Oltu has been moved to the Attic
Ryan Goulding <ryandgoulding@...>
One possible stop-gap measure is to temporarily fork a minimal set of oltu code into the AAA repository since we use very little anyway [0]. I do believe we will want to eventually get rid of the AAA OAuth2 Provider anyway in favor of federation with existing OAuth2 system(s), since AAA team has attempted to avoid becoming an IdP. If we combined [0] with deprecating the HTTP API(s) in Fluorine, followed by an investigation of OAuth2 Provider federation, I think we will be in much better shape. Thoughts? [0] will get us away from org.json as well, since the upstream migration was never released but is in the code! Owning an OAuth2 Provider is costly, and I believe many solutions suggest using OpenID instead. The fact is, ODL is a Network Controller, not a tokening system. Right now, our OAuth2 system does not really reflect an accurate OAuth2 deployment model, and is really closer to an OAuth1 authentication tokening system anyway. Open to entertain conversation on this.
On Wed, Apr 11, 2018 at 1:39 PM, Ryan Goulding <ryandgoulding@...> wrote:
|
|