Fw: Announcing that Apache Oltu has been moved to the Attic
Stephen Kitt <skitt@...>
Hello AAA devs,
This is relevant to AAA... (I know Ryan intended to move away from Oltu, this just adds another nail to the coffin.)

Regards,
Stephen

Begin forwarded message:

Date: Sun, 8 Apr 2018 13:49:00 +0200
From: jani@...
To: announce@...
Subject: Announcing that Apache Oltu has been moved to the Attic

Announcing that the Apache Oltu committers have voted to retire the project due to inactivity.

Oltu was an OAuth protocol implementation in Java. It also covers other "OAuth family" related implementations such as JWT, JWS and OpenID Connect.

Retiring a project is not as simple as turning everything off, as existing users need to both know that the project is retiring and retain access to the necessary information for their own development efforts.

You can read more about Oltu's retirement at:
http://attic.apache.org/projects/Oltu.html

The user mailing list remains open, while the rest of the project's resources will continue to be available in a read-only state - website, wikis, svn, downloads and bug tracker with no change in url.

Providing process and solutions to make it clear when an Apache project has reached its end of life is the role of the Apache Attic, and you can read more about that at:
http://attic.apache.org/

Thanks,
Jan Iversen
on behalf of the Apache Attic and the now retired Apache Oltu project

--
Stephen Kitt
Principal Software Engineer, Office of the CTO
Red Hat

Ryan Goulding <ryandgoulding@...>
Thanks for forwarding on this announcement, Stephen. We will need to start investigating proper replacements soon.

Best Regards,
Ryan Goulding

On Mon, Apr 9, 2018 at 3:54 AM, Stephen Kitt <skitt@...> wrote:
> Hello AAA devs,

Ryan Goulding <ryandgoulding@...>
One possible stop-gap measure is to temporarily fork a minimal set of Oltu code into the AAA repository since we use very little anyway [0]. I do believe we will want to eventually get rid of the AAA OAuth2 Provider anyway in favor of federation with existing OAuth2 system(s), since the AAA team has attempted to avoid becoming an IdP.

If we combined [0] with deprecating the HTTP API(s) in Fluorine, followed by an investigation of OAuth2 Provider federation, I think we will be in much better shape. Thoughts? [0] will get us away from org.json as well, since the upstream migration was never released but is in the code!

Owning an OAuth2 Provider is costly, and I believe many solutions suggest using OpenID instead. The fact is, ODL is a Network Controller, not a tokening system. Right now, our OAuth2 system does not really reflect an accurate OAuth2 deployment model, and is really closer to an OAuth1 authentication tokening system anyway. Open to entertain conversation on this.

On Wed, Apr 11, 2018 at 1:39 PM, Ryan Goulding <ryandgoulding@...> wrote: