ApacheCon EU 2007 CFP

[Enrique Rodriguez <en...@gmail.com>]

Hi, Directory developers,

Today is the CFP for ApacheCon EU 2007.  The CFP site accepted my
submissions, so I don't think I missed the cut-off!  Anyway, both of
my talks have to do with Directory-backed authentication:  (AD1853) is
the Kerberos talk I've given a couple times and (AD1854) basically
replaces Kerberos with CardSpace technologies (WS-Trust, WS-Mex, and
SAML).  So, if either or both talks interest you and you have CFP
website access, then I would appreciate the support.  Log in and
there's a link to "Rate the session proposals."  My abstracts are
below.

Enrique

AD1853
Title:  Secure Single-Sign-On with Apache Directory and Apache Kerberos

Abstract:  The lead developer of the Kerberos protocol provider for
the Apache Directory will discuss the use of Apache Directory as a
"realm controller" for Linux and Windows machines. This talk will
provide an overview of the Kerberos and Change Password protocol
workflow. Significant time will be spent on the configuration of trust
relationships and the configuration of both Linux and Windows machines
to use Apache Directory as a Key Distribution Center (KDC). Hint:
those attending this session should be interested in network
authentication ("single-sign-on") using Kerberos realms. Prior
experience with Kerberos is recommended.

AD1854
Title:  Using Apache Directory as an Identity Provider STS for CardSpace

Abstract:  A member of the Apache Directory PMC will discuss the use
of Apache Directory as a CardSpace Identity Provider "Security Token
Service" (STS) for cross-platform web authentication.  This talk will
introduce CardSpace and discuss the basics of the Subject, Relying
Party, and Identity Provider roles.  Significant time will be spent on
live demonstrations of an Identity Provider provisioning Managed Cards
online and validating one-time password (OTP) tokens based on open
standards (OATH).

Re: ApacheCon EU 2007 CFP

[Ole Ersoy <ol...@yahoo.com>]

Hey Guys,

Maybe now is a good time to talk about standards.

Personally I think every submission should have a
checklist of things to go through before it is
incorporated into ADS and can be talked about and
supported.  Everything has to get checked off, or the
thing is in a holding pattern.  This encourages full
completion of each item, and all related / directly
corresponding items while their fresh in the mind of
the individual that created the thing.

That said I'm going to put my effort where my mouth is
and create such a list.  My target is to have it
delivered within the next two weeks.  I'll go over the
current stuff we have on Confluence again, just so
that I'm sure to incorporate existing material.

It's a two week target, because I think that gives me
sufficient time to commit the RPM packaging stuff, so
that I have a real world visible example of how I
followed my own recommendations.

Cheers,
- Ole

--- Ersin Er <er...@gmail.com> wrote:

> Hi all and Enrique,
> 
> Well, titles for these presentations seem quite
> attractive. However,
> if we are supporting such technologies, we all need
> to have some ideas
> on them. To be able to guarantee the support for a
> reasonable amount
> of time in the future for these
> technologies/features, we need
> documentation (OK, it can be postponed for a while),
> test cases (a
> must!), and also "at least" some discussion on the
> mailing list.
> 
> -- 
> Ersin
> 
> On 1/17/07, Enrique Rodriguez <en...@gmail.com>
> wrote:
> > Hi, Directory developers,
> >
> > Today is the CFP for ApacheCon EU 2007.  The CFP
> site accepted my
> > submissions, so I don't think I missed the
> cut-off!  Anyway, both of
> > my talks have to do with Directory-backed
> authentication:  (AD1853) is
> > the Kerberos talk I've given a couple times and
> (AD1854) basically
> > replaces Kerberos with CardSpace technologies
> (WS-Trust, WS-Mex, and
> > SAML).  So, if either or both talks interest you
> and you have CFP
> > website access, then I would appreciate the
> support.  Log in and
> > there's a link to "Rate the session proposals." 
> My abstracts are
> > below.
> >
> > Enrique
> >
> > AD1853
> > Title:  Secure Single-Sign-On with Apache
> Directory and Apache Kerberos
> >
> > Abstract:  The lead developer of the Kerberos
> protocol provider for
> > the Apache Directory will discuss the use of
> Apache Directory as a
> > "realm controller" for Linux and Windows machines.
> This talk will
> > provide an overview of the Kerberos and Change
> Password protocol
> > workflow. Significant time will be spent on the
> configuration of trust
> > relationships and the configuration of both Linux
> and Windows machines
> > to use Apache Directory as a Key Distribution
> Center (KDC). Hint:
> > those attending this session should be interested
> in network
> > authentication ("single-sign-on") using Kerberos
> realms. Prior
> > experience with Kerberos is recommended.
> >
> > AD1854
> > Title:  Using Apache Directory as an Identity
> Provider STS for CardSpace
> >
> > Abstract:  A member of the Apache Directory PMC
> will discuss the use
> > of Apache Directory as a CardSpace Identity
> Provider "Security Token
> > Service" (STS) for cross-platform web
> authentication.  This talk will
> > introduce CardSpace and discuss the basics of the
> Subject, Relying
> > Party, and Identity Provider roles.  Significant
> time will be spent on
> > live demonstrations of an Identity Provider
> provisioning Managed Cards
> > online and validating one-time password (OTP)
> tokens based on open
> > standards (OATH).
> >
> 
> 
> -- 
> Ersin
> 



 
____________________________________________________________________________________
Need a quick answer? Get one in minutes from people who know.
Ask your question on www.Answers.yahoo.com

Re: ApacheCon EU 2007 CFP

[Ersin Er <er...@gmail.com>]

Hi all and Enrique,

Well, titles for these presentations seem quite attractive. However,
if we are supporting such technologies, we all need to have some ideas
on them. To be able to guarantee the support for a reasonable amount
of time in the future for these technologies/features, we need
documentation (OK, it can be postponed for a while), test cases (a
must!), and also "at least" some discussion on the mailing list.

-- 
Ersin

On 1/17/07, Enrique Rodriguez <en...@gmail.com> wrote:
> Hi, Directory developers,
>
> Today is the CFP for ApacheCon EU 2007.  The CFP site accepted my
> submissions, so I don't think I missed the cut-off!  Anyway, both of
> my talks have to do with Directory-backed authentication:  (AD1853) is
> the Kerberos talk I've given a couple times and (AD1854) basically
> replaces Kerberos with CardSpace technologies (WS-Trust, WS-Mex, and
> SAML).  So, if either or both talks interest you and you have CFP
> website access, then I would appreciate the support.  Log in and
> there's a link to "Rate the session proposals."  My abstracts are
> below.
>
> Enrique
>
> AD1853
> Title:  Secure Single-Sign-On with Apache Directory and Apache Kerberos
>
> Abstract:  The lead developer of the Kerberos protocol provider for
> the Apache Directory will discuss the use of Apache Directory as a
> "realm controller" for Linux and Windows machines. This talk will
> provide an overview of the Kerberos and Change Password protocol
> workflow. Significant time will be spent on the configuration of trust
> relationships and the configuration of both Linux and Windows machines
> to use Apache Directory as a Key Distribution Center (KDC). Hint:
> those attending this session should be interested in network
> authentication ("single-sign-on") using Kerberos realms. Prior
> experience with Kerberos is recommended.
>
> AD1854
> Title:  Using Apache Directory as an Identity Provider STS for CardSpace
>
> Abstract:  A member of the Apache Directory PMC will discuss the use
> of Apache Directory as a CardSpace Identity Provider "Security Token
> Service" (STS) for cross-platform web authentication.  This talk will
> introduce CardSpace and discuss the basics of the Subject, Relying
> Party, and Identity Provider roles.  Significant time will be spent on
> live demonstrations of an Identity Provider provisioning Managed Cards
> online and validating one-time password (OTP) tokens based on open
> standards (OATH).
>


-- 
Ersin

Re: ApacheCon EU 2007 CFP

[Emmanuel Lecharny <el...@gmail.com>]

Well, when I read your proposals for ApacheCon EU, I was just asking myself
if it was fair to push materials without having asked any other project
committers about them. You didn't bothered *at all* that somebody else from
Directory could have also pushed very similar proposals, making us feel very
unconfortable.

This drove me to these points :
1) Is ApacheCon a commercial show, where anybody can talk about anything
just to advertize himself or his company? I thought it was exactly the
opposite : expose the Apache project to the world, as some piece of software
endorsed by Apache committers.  This is all about Apache.

2) Ok, I must admit that your proposal could not have been submitted by
anyone but you, but just because no one except you knows anything about
kerberos and other almost sandboxed/dead subprojects. There have been almost
_no_ activity on this projects last year (barely one commit...) and the
source is in a state that is not really in the state of the art (no test
cases, no javadoc, etc). Would it be me only, these projects would have been
sandboxed back in september, instead of what I spent hours to update all the
headers to reflect the new Apache licence.

3) This lead me to the point where I really think that Alex is right. This
Directory server community has greatly increased lately, with 6 new very
active comitters (Pierre-Arnaud Marcelot, Stefan Seelmann, Christine
Koppelt, David Jencks, Ole Ersoy, Norval Hope - sorry for those I forgot to
mention - ). This is really good because no part of the server is totally
left in the hand of only one committer. Except your part. We have spent a
huge amount of time, Alex, Ersin, Trustin and I to support them, drive them
through the Apache Directory Server maze, and I must say that it's really a
success. Now, none of them as expressed interest in the Kerberos part, but
we weren't able to push the subject, because we don't have any knowledge
about it. You were suppose to be the one to do that, but you were totally
MIA last year. I don't think this is the best way to support a project.

4) Ok, life can be sometime difficult, with lot of work, lot of things to
cope with, but at least, it would have been polite to tell us "I may submit
some proposals, wdyt?" instead of pushing them straight. We are really
suppose to be a community. We can support any of us, we can even help if
needed, but we can only do that if we are asked to.

Well, I must say that I'm not very pleased with this situation. Sorry if you
fell like my words are offending, they are not supposed to be (but my
english is pretty rude and limited), I just wanted to stress out the fact
that we should behave as a group, not as individuals. This is what I think
Apache is all about. I really think that those kerberos things are important
to us, but, please, try or do your best to share informations with the group
before they get out of it.

Emmanuel

On 1/17/07, Alex Karasulu < akarasulu@apache.org > wrote:
>
> I'd like to support you on this since I personally like your work and
> the topics sound really interesting but as PMC chair I have two *BIG*
> problems with this:
>
> (1) You've been MIA and don't support your code when it comes to Java
> docs, external docs, test cases or community.  We have had several users
> that post to the ML asking about things that no one can respond to.  You
> think you're job is to just dump code here and everyone else is
> responsible for cleaning it up and making sure the build, doco and site
> is working.  Your behavior with respect to this community essentially
> reeks of a prima donna.  You might consider becoming a team player
> before asking the team for supporting presentations on topics you've
> made it impossible for us to support.  This leads to point 2 ...
>
> (2) You seem to consistently misunderstand that at Apache we're not
> about technology but rather about community.  I do admit that these are
> interesting topics technically and I would love to overlook your
> community faults and just engage you pleasantly on these topics.
> However you have not discussed any of these topics or these capabilities
> on this mailing list.  We integrated the Kerberos code base and you came
> on to the PMC but all your actions with respect to sharing and being
> involved with the community are antithetical to that role.  Now you're
> doing presentations on features and functionality at ApacheCon that
> cannot really be supported by this community.  Yes no one knows about
> this stuff because you never engaged us about any of it on this mailing
> list.  What will happen when people see your presentation and post to
> our mailing list and no one is capable of supporting them?  You
> consistently don't think of these things which is the responsibility of
> a PMC member.
>
> Having a solid community that users and developers can rely on is the
> key to the health and survival of an Apache project.  By doing these
> presentations at ApacheCon you're advertising features that you've added
> (or plan to add) without consulting the community and this does everyone
> on this project a disservice.
>
> You're putting us in a tough spot so you can goto Amsterdam and have a
> nice presentation at the expense of our community.
>
> This is something we all don't appreciate.
>
> Alex
>
> Enrique Rodriguez wrote:
> > Hi, Directory developers,
> >
> > Today is the CFP for ApacheCon EU 2007.  The CFP site accepted my
> > submissions, so I don't think I missed the cut-off!  Anyway, both of
> > my talks have to do with Directory-backed authentication:  (AD1853) is
> > the Kerberos talk I've given a couple times and (AD1854) basically
> > replaces Kerberos with CardSpace technologies (WS-Trust, WS-Mex, and
> > SAML).  So, if either or both talks interest you and you have CFP
> > website access, then I would appreciate the support.  Log in and
> > there's a link to "Rate the session proposals."  My abstracts are
> > below.
> >
> > Enrique
> >
> > AD1853
> > Title:  Secure Single-Sign-On with Apache Directory and Apache Kerberos
> >
> > Abstract:  The lead developer of the Kerberos protocol provider for
> > the Apache Directory will discuss the use of Apache Directory as a
> > "realm controller" for Linux and Windows machines. This talk will
> > provide an overview of the Kerberos and Change Password protocol
> > workflow. Significant time will be spent on the configuration of trust
> > relationships and the configuration of both Linux and Windows machines
> > to use Apache Directory as a Key Distribution Center (KDC). Hint:
> > those attending this session should be interested in network
> > authentication ("single-sign-on") using Kerberos realms. Prior
> > experience with Kerberos is recommended.
> >
> > AD1854
> > Title:  Using Apache Directory as an Identity Provider STS for CardSpace
> >
> > Abstract:  A member of the Apache Directory PMC will discuss the use
> > of Apache Directory as a CardSpace Identity Provider "Security Token
> > Service" (STS) for cross-platform web authentication.  This talk will
> > introduce CardSpace and discuss the basics of the Subject, Relying
> > Party, and Identity Provider roles.  Significant time will be spent on
> > live demonstrations of an Identity Provider provisioning Managed Cards
> > online and validating one-time password (OTP) tokens based on open
> > standards (OATH).
> >
>
>
>
>


-- 
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: ApacheCon EU 2007 CFP

[Alex Karasulu <ak...@apache.org>]

I'd like to support you on this since I personally like your work and 
the topics sound really interesting but as PMC chair I have two *BIG* 
problems with this:

(1) You've been MIA and don't support your code when it comes to Java 
docs, external docs, test cases or community.  We have had several users 
that post to the ML asking about things that no one can respond to.  You 
think you're job is to just dump code here and everyone else is 
responsible for cleaning it up and making sure the build, doco and site 
is working.  Your behavior with respect to this community essentially 
reeks of a prima donna.  You might consider becoming a team player 
before asking the team for supporting presentations on topics you've 
made it impossible for us to support.  This leads to point 2 ...

(2) You seem to consistently misunderstand that at Apache we're not 
about technology but rather about community.  I do admit that these are 
interesting topics technically and I would love to overlook your 
community faults and just engage you pleasantly on these topics. 
However you have not discussed any of these topics or these capabilities 
on this mailing list.  We integrated the Kerberos code base and you came 
on to the PMC but all your actions with respect to sharing and being 
involved with the community are antithetical to that role.  Now you're 
doing presentations on features and functionality at ApacheCon that 
cannot really be supported by this community.  Yes no one knows about 
this stuff because you never engaged us about any of it on this mailing 
list.  What will happen when people see your presentation and post to 
our mailing list and no one is capable of supporting them?  You 
consistently don't think of these things which is the responsibility of 
a PMC member.

Having a solid community that users and developers can rely on is the 
key to the health and survival of an Apache project.  By doing these 
presentations at ApacheCon you're advertising features that you've added 
(or plan to add) without consulting the community and this does everyone 
on this project a disservice.

You're putting us in a tough spot so you can goto Amsterdam and have a 
nice presentation at the expense of our community.

This is something we all don't appreciate.

Alex

Enrique Rodriguez wrote:
> Hi, Directory developers,
> 
> Today is the CFP for ApacheCon EU 2007.  The CFP site accepted my
> submissions, so I don't think I missed the cut-off!  Anyway, both of
> my talks have to do with Directory-backed authentication:  (AD1853) is
> the Kerberos talk I've given a couple times and (AD1854) basically
> replaces Kerberos with CardSpace technologies (WS-Trust, WS-Mex, and
> SAML).  So, if either or both talks interest you and you have CFP
> website access, then I would appreciate the support.  Log in and
> there's a link to "Rate the session proposals."  My abstracts are
> below.
> 
> Enrique
> 
> AD1853
> Title:  Secure Single-Sign-On with Apache Directory and Apache Kerberos
> 
> Abstract:  The lead developer of the Kerberos protocol provider for
> the Apache Directory will discuss the use of Apache Directory as a
> "realm controller" for Linux and Windows machines. This talk will
> provide an overview of the Kerberos and Change Password protocol
> workflow. Significant time will be spent on the configuration of trust
> relationships and the configuration of both Linux and Windows machines
> to use Apache Directory as a Key Distribution Center (KDC). Hint:
> those attending this session should be interested in network
> authentication ("single-sign-on") using Kerberos realms. Prior
> experience with Kerberos is recommended.
> 
> AD1854
> Title:  Using Apache Directory as an Identity Provider STS for CardSpace
> 
> Abstract:  A member of the Apache Directory PMC will discuss the use
> of Apache Directory as a CardSpace Identity Provider "Security Token
> Service" (STS) for cross-platform web authentication.  This talk will
> introduce CardSpace and discuss the basics of the Subject, Relying
> Party, and Identity Provider roles.  Significant time will be spent on
> live demonstrations of an Identity Provider provisioning Managed Cards
> online and validating one-time password (OTP) tokens based on open
> standards (OATH).
>