Fortress API to become an Apache project

[Emmanuel Lécharny <el...@gmail.com>]

Hi guys,

for months now, I'm working with Shawn McKinney on Fortress
(http://www.openldap.org/fortress/ and http://iamfortress.org/overview).
this week, he asked me what would be the best way to get this project
becoming an Apache project.

At thi spoint, we have a few options available :
- go through incubation
- accept the project under ADS umbrella, but as a side project, like
Studio, Mavibot or Escimo
- ask some other umbrella project if they are interested (Shiro, Syncope ?)

I do think there is some potential for this project (which is an API and
a web application) to become an interesting part of Apache Directory, as
it uses either OpenLDAP or ApacheDS as a backend, and also uses the
Apache LDAP API on the client side. It also is a good replacmenet for
the dormant Triplesec project.

At this point, I would be pleased to get your take on such a move.

wdyt ?
PS : Fortress is already using AL 2.0, and Shawn is the main contributor
and code owner so no pb with the code attribution or copyright ownership).

Re: Fortress API to become an Apache project

[Shawn McKinney <mc...@att.net>]

Hello, nice to be joining you for this conversation...

On 06/27/2014 11:02 AM, Emmanuel Lécharny wrote:
> Shawn and his brother were the only guys having work on this piece of
> code, with a few additions from me (mainly the integration of Apache
> LDAP API and Apache DS, plus a few fixes here and there). Obviously,
> Shawn's brother will have to agree to the move, which is not an issue so
> far.

Let me reassure you there will be no problems - my brother supports this 
move.

On 06/27/2014 11:02 AM, Emmanuel Lécharny wrote:
> There are a few dependencies on third party libs which have to be taken
> care of, but AFAIR, mainly UnboundID - and the work is almost done as I
> already used Apache LDAP API as a replacement last year). We have to
> check if there is any other (but AFAIR, nope).

Most of the dependencies are to apache projects like ADS, commons, 
wicket, cxf.  You may review the project pom's:

1. Fortress 'core' SDK:
http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-core.git;a=blob;f=pom.xml;h=6b72dbfc6eb20b493c45dda892529e79ccc36261;hb=HEAD

<http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-core.git;a=blob;f=pom.xml;h=6b72dbfc6eb20b493c45dda892529e79ccc36261;hb=9e3c80063be49c8782b56d166c891cc2fc53e75a>2. 
Sentry policy enforcement points (Tomcat and Websphere realms for Java 
EE security):
http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-realm.git;a=blob;f=pom.xml;h=2f9a46a2c04f3325d9fad19b015e2c477f3fc775;hb=HEAD

3. EnMasse REST AP (uses Apache CXF):
http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-enmasse.git;a=blob;f=pom.xml;h=e9242ae58e03a332b19d5e32e619d0c322648486;hb=HEAD<http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-enmasse.git;a=blob;f=pom.xml;h=e9242ae58e03a332b19d5e32e619d0c322648486;hb=0ef3f5e032a39b6bb1414850184827586c6f86b0>

4. Commander Web admin (uses Apache Wicket):
http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-commander.git;a=blob;f=pom.xml;h=78a9725f77517703180838d54c5eab0470ca58d9;hb=HEAD

Also as Emmanuel said earlier there is one dependency to the unbound 
ldap api that we are in the process of removing.  This cleanup effort 
remaining is moderate, between 40 & 160 hours.  The new apache ldap api 
plumbing is in place, all of the rbac entities have been converted to 
use, some loose ends - password policy interrogation, all regression 
tests passing, finish the last few (non-rbac) entities.

Shawn

Re: Fortress API to become an Apache project

[Emmanuel Lécharny <el...@gmail.com>]

Le 27/06/2014 16:57, Alex Karasulu a écrit :
> On Fri, Jun 27, 2014 at 1:38 PM, Emmanuel Lécharny <el...@gmail.com>
> wrote:
>
>> PS : Fortress is already using AL 2.0, and Shawn is the main contributor
>> and code owner so no pb with the code attribution or copyright ownership).
>>
> I think there are 2 ways here:
>
> 1. IP Clearance

Shawn and his brother were the only guys having work on this piece of
code, with a few additions from me (mainly the integration of Apache
LDAP API and Apache DS, plus a few fixes here and there). Obviously,
Shawn's brother will have to agree to the move, which is not an issue so
far.

There are a few dependencies on third party libs which have to be taken
care of, but AFAIR, mainly UnboundID - and the work is almost done as I
already used Apache LDAP API as a replacement last year). We have to
check if there is any other (but AFAIR, nope).

> 2. Incubation
>
> #1 is more for things that would be add-ons used by a project here at
> Directory, but this sounds more like a standalone application that happens
> to use ApacheDS and OLD as a backing store
> #2 ... well no explanation necessary
>
> With #2 Directory can be the sponsoring PMC.

In many ways, Incubator could be the right place for this project.
Likely, if it succeeds to get out of incubator, it will become a TLP.
The question here is will it carry enough contributors ?

This is why I wanted to open a discussion here.

Re: Fortress API to become an Apache project

[Alex Karasulu <ak...@apache.org>]

On Fri, Jun 27, 2014 at 1:38 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:

> Hi guys,
>
> for months now, I'm working with Shawn McKinney on Fortress
> (http://www.openldap.org/fortress/ and http://iamfortress.org/overview).
> this week, he asked me what would be the best way to get this project
> becoming an Apache project.
>
>
Great news! Good work on that.


> At thi spoint, we have a few options available :
> - go through incubation
> - accept the project under ADS umbrella, but as a side project, like
> Studio, Mavibot or Escimo
> - ask some other umbrella project if they are interested (Shiro, Syncope ?)
>
> I do think there is some potential for this project (which is an API and
> a web application) to become an interesting part of Apache Directory, as
> it uses either OpenLDAP or ApacheDS as a backend, and also uses the
> Apache LDAP API on the client side. It also is a good replacmenet for
> the dormant Triplesec project.
>
>
+1


> At this point, I would be pleased to get your take on such a move.
>
wdyt ?
> PS : Fortress is already using AL 2.0, and Shawn is the main contributor
> and code owner so no pb with the code attribution or copyright ownership).
>

I think there are 2 ways here:

1. IP Clearance
2. Incubation

#1 is more for things that would be add-ons used by a project here at
Directory, but this sounds more like a standalone application that happens
to use ApacheDS and OLD as a backing store
#2 ... well no explanation necessary

With #2 Directory can be the sponsoring PMC.

Good luck with it.

Best,
Alex

Re: Fortress API to become an Apache project

[Kiran Ayyagari <ka...@apache.org>]

On Fri, Jun 27, 2014 at 4:08 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:

> Hi guys,
>
> for months now, I'm working with Shawn McKinney on Fortress
> (http://www.openldap.org/fortress/ and http://iamfortress.org/overview).
> this week, he asked me what would be the best way to get this project
> becoming an Apache project.
>
> At thi spoint, we have a few options available :
> - go through incubation
> - accept the project under ADS umbrella, but as a side project, like
> Studio, Mavibot or Escimo
> - ask some other umbrella project if they are interested (Shiro, Syncope ?)
>
> I do think there is some potential for this project (which is an API and
> a web application) to become an interesting part of Apache Directory, as
> it uses either OpenLDAP or ApacheDS as a backend, and also uses the
> Apache LDAP API on the client side. It also is a good replacmenet for
> the dormant Triplesec project.
>
> At this point, I would be pleased to get your take on such a move.
>
> wdyt ?
>
+1 for making it a sub-project of ADS, it will be a great addition

> PS : Fortress is already using AL 2.0, and Shawn is the main contributor
> and code owner so no pb with the code attribution or copyright ownership).
>



-- 
Kiran Ayyagari
http://keydap.com