[PROPOSAL] Some roadmap ideas

[Jean-Baptiste Onofré <jb...@nanthrax.net>]

Hi guys,

I'm happy as I should have some time to work again on Syncope next week 
(and the following weeks ;)).

I have some ideas that I would like to share and discuss with you.
Please, correct me if I'm wrong, if the ideas are stupid, or already done ;)

1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
We already discussed of that in the past. It doesn't change the Syncope 
codebase itself, it's just an addition on the Karaf side.
The first thing is to provide a SyncopeLoginModule in Karaf allowing to 
delegate the user backend to Syncope. Currently, Karaf provides 
PropertiesLoginModule (the username/password are stored in the simple 
properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
Thanks to the SyncopeLoginModule, the users just delegate the Karaf 
container JAAS realm backend to Syncope, who manages its own backend 
(LDAP, etc).
On the other hand, I will provide a Karaf feature to be able to easily 
install Syncope directly in Karaf.

2/ OAuth2 Service Provider feature
More and more companies want to provide an "internal" oauth2 service 
provider (instead of using "public" one like amazon, bitbucket, etc).
What do you think to add an optional feature to Syncope to turn Syncope 
as an OAuth2 Service Provider ?

3/ CXF authentication ready to use feature
Right now, we can use Syncope with CXF by implementing an interceptor 
delegating to the Syncope REST API.
It's not really straight forward for the user as it requires to write 
some kind of plumbing code.
I think it could be helpful to provide a ready to use "CXF feature" 
providing the interceptor that we can configure (the location of the 
Syncope instance, etc).
Maybe it makes more sense to add this on the CXF part more than on the 
Syncope side, but, anyway, it could be very helpful for the users.

WDYT ?

Thanks,
Regards
JB
-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: [PROPOSAL] Some roadmap ideas

[Sergey Beryozkin <sb...@gmail.com>]

Hi,
On 05/06/14 10:59, Francesco Chicchiriccò wrote:
> On 04/06/2014 21:25, Jean-Baptiste Onofré wrote:
>> Hi guys,
>>
>> I'm happy as I should have some time to work again on Syncope next
>> week (and the following weeks ;)).
>>
>> I have some ideas that I would like to share and discuss with you.
>> Please, correct me if I'm wrong, if the ideas are stupid, or already
>> done ;)
>>
>> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
>> We already discussed of that in the past. It doesn't change the
>> Syncope codebase itself, it's just an addition on the Karaf side.
>> The first thing is to provide a SyncopeLoginModule in Karaf allowing
>> to delegate the user backend to Syncope. Currently, Karaf provides
>> PropertiesLoginModule (the username/password are stored in the simple
>> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
>> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
>> container JAAS realm backend to Syncope, who manages its own backend
>> (LDAP, etc).
>> On the other hand, I will provide a Karaf feature to be able to easily
>> install Syncope directly in Karaf.
>
> This sounds very cool: when you discuss or file issue(s) on Karaf's
> JIRA, please report here, I personally would love to watch and possibly
> test :-)
>
>> 2/ OAuth2 Service Provider feature
>> More and more companies want to provide an "internal" oauth2 service
>> provider (instead of using "public" one like amazon, bitbucket, etc).
>> What do you think to add an optional feature to Syncope to turn
>> Syncope as an OAuth2 Service Provider ?
>
> Really nice.
> I would see this feature as part of the "Access Management" feature set
> currently scheduled for 3.0.0 [1] - clearly this does not mean we cannot
> implement it before.
>

What would be scope of this work ? Having Syncope accepting OAuth2 
tokens as authentication credentials ? Or enhancing Syncope to act as 
OAuth2-aware (Openid-Connect) IDP ? I think both features are useful :-)

Cheers, Sergey

>> 3/ CXF authentication ready to use feature
>> Right now, we can use Syncope with CXF by implementing an interceptor
>> delegating to the Syncope REST API.
>> It's not really straight forward for the user as it requires to write
>> some kind of plumbing code.
>> I think it could be helpful to provide a ready to use "CXF feature"
>> providing the interceptor that we can configure (the location of the
>> Syncope instance, etc).
>> Maybe it makes more sense to add this on the CXF part more than on the
>> Syncope side, but, anyway, it could be very helpful for the users.
>
> Hum, I am probably missing some bits on CXF side: are you proposing to
> provide a sort of "Syncope authentication module" for CXF, as suggested
> above for Karaf?
> Could it be the case to maintain such module(s) in Syncope codebase
> anyway? We will need of course to keep them up-to-date either with
> respect to Syncope and CXF / Karaf of course, so we will need CXF and
> Karaf expertise - which we actually have :-)
>
> Regards.
>
> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Re: [PROPOSAL] Some roadmap ideas

[Jean-Baptiste Onofré <jb...@nanthrax.net>]

Hi guys,

good point from Francesco and Colm. As CXF can use the JAAS LoginModule 
(directly or via the realm in Karaf), it's redundant with the 
LoginModule indeed.

Regards
JB

On 06/05/2014 12:15 PM, Colm O hEigeartaigh wrote:
> Hi JB,
>
> Is the "CXF authentication ready to use feature" really required if we are
> already going to have a JAAS LoginModule for Syncope? A CXF user can just
> use the new JAAS LoginModule for authentication instead.
>
> Colm.
>
>
> On Thu, Jun 5, 2014 at 10:59 AM, Francesco Chicchiriccò <ilgrosso@apache.org
>> wrote:
>
>> On 04/06/2014 21:25, Jean-Baptiste Onofré wrote:
>>
>>> Hi guys,
>>>
>>> I'm happy as I should have some time to work again on Syncope next week
>>> (and the following weeks ;)).
>>>
>>> I have some ideas that I would like to share and discuss with you.
>>> Please, correct me if I'm wrong, if the ideas are stupid, or already done
>>> ;)
>>>
>>> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
>>> We already discussed of that in the past. It doesn't change the Syncope
>>> codebase itself, it's just an addition on the Karaf side.
>>> The first thing is to provide a SyncopeLoginModule in Karaf allowing to
>>> delegate the user backend to Syncope. Currently, Karaf provides
>>> PropertiesLoginModule (the username/password are stored in the simple
>>> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
>>> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
>>> container JAAS realm backend to Syncope, who manages its own backend (LDAP,
>>> etc).
>>> On the other hand, I will provide a Karaf feature to be able to easily
>>> install Syncope directly in Karaf.
>>>
>>
>> This sounds very cool: when you discuss or file issue(s) on Karaf's JIRA,
>> please report here, I personally would love to watch and possibly test :-)
>>
>>
>>   2/ OAuth2 Service Provider feature
>>> More and more companies want to provide an "internal" oauth2 service
>>> provider (instead of using "public" one like amazon, bitbucket, etc).
>>> What do you think to add an optional feature to Syncope to turn Syncope
>>> as an OAuth2 Service Provider ?
>>>
>>
>> Really nice.
>> I would see this feature as part of the "Access Management" feature set
>> currently scheduled for 3.0.0 [1] - clearly this does not mean we cannot
>> implement it before.
>>
>>
>>   3/ CXF authentication ready to use feature
>>> Right now, we can use Syncope with CXF by implementing an interceptor
>>> delegating to the Syncope REST API.
>>> It's not really straight forward for the user as it requires to write
>>> some kind of plumbing code.
>>> I think it could be helpful to provide a ready to use "CXF feature"
>>> providing the interceptor that we can configure (the location of the
>>> Syncope instance, etc).
>>> Maybe it makes more sense to add this on the CXF part more than on the
>>> Syncope side, but, anyway, it could be very helpful for the users.
>>>
>>
>> Hum, I am probably missing some bits on CXF side: are you proposing to
>> provide a sort of "Syncope authentication module" for CXF, as suggested
>> above for Karaf?
>> Could it be the case to maintain such module(s) in Syncope codebase
>> anyway? We will need of course to keep them up-to-date either with respect
>> to Syncope and CXF / Karaf of course, so we will need CXF and Karaf
>> expertise - which we actually have :-)
>>
>> Regards.
>>
>> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Involved at The Apache Software Foundation:
>> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
>> http://people.apache.org/~ilgrosso/
>>
>>
>
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: [PROPOSAL] Some roadmap ideas

[Colm O hEigeartaigh <co...@apache.org>]

Hi JB,

Is the "CXF authentication ready to use feature" really required if we are
already going to have a JAAS LoginModule for Syncope? A CXF user can just
use the new JAAS LoginModule for authentication instead.

Colm.


On Thu, Jun 5, 2014 at 10:59 AM, Francesco Chicchiriccò <ilgrosso@apache.org
> wrote:

> On 04/06/2014 21:25, Jean-Baptiste Onofré wrote:
>
>> Hi guys,
>>
>> I'm happy as I should have some time to work again on Syncope next week
>> (and the following weeks ;)).
>>
>> I have some ideas that I would like to share and discuss with you.
>> Please, correct me if I'm wrong, if the ideas are stupid, or already done
>> ;)
>>
>> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
>> We already discussed of that in the past. It doesn't change the Syncope
>> codebase itself, it's just an addition on the Karaf side.
>> The first thing is to provide a SyncopeLoginModule in Karaf allowing to
>> delegate the user backend to Syncope. Currently, Karaf provides
>> PropertiesLoginModule (the username/password are stored in the simple
>> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
>> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
>> container JAAS realm backend to Syncope, who manages its own backend (LDAP,
>> etc).
>> On the other hand, I will provide a Karaf feature to be able to easily
>> install Syncope directly in Karaf.
>>
>
> This sounds very cool: when you discuss or file issue(s) on Karaf's JIRA,
> please report here, I personally would love to watch and possibly test :-)
>
>
>  2/ OAuth2 Service Provider feature
>> More and more companies want to provide an "internal" oauth2 service
>> provider (instead of using "public" one like amazon, bitbucket, etc).
>> What do you think to add an optional feature to Syncope to turn Syncope
>> as an OAuth2 Service Provider ?
>>
>
> Really nice.
> I would see this feature as part of the "Access Management" feature set
> currently scheduled for 3.0.0 [1] - clearly this does not mean we cannot
> implement it before.
>
>
>  3/ CXF authentication ready to use feature
>> Right now, we can use Syncope with CXF by implementing an interceptor
>> delegating to the Syncope REST API.
>> It's not really straight forward for the user as it requires to write
>> some kind of plumbing code.
>> I think it could be helpful to provide a ready to use "CXF feature"
>> providing the interceptor that we can configure (the location of the
>> Syncope instance, etc).
>> Maybe it makes more sense to add this on the CXF part more than on the
>> Syncope side, but, anyway, it could be very helpful for the users.
>>
>
> Hum, I am probably missing some bits on CXF side: are you proposing to
> provide a sort of "Syncope authentication module" for CXF, as suggested
> above for Karaf?
> Could it be the case to maintain such module(s) in Syncope codebase
> anyway? We will need of course to keep them up-to-date either with respect
> to Syncope and CXF / Karaf of course, so we will need CXF and Karaf
> expertise - which we actually have :-)
>
> Regards.
>
> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: [PROPOSAL] Some roadmap ideas

[Francesco Chicchiriccò <il...@apache.org>]

On 04/06/2014 21:25, Jean-Baptiste Onofré wrote:
> Hi guys,
>
> I'm happy as I should have some time to work again on Syncope next 
> week (and the following weeks ;)).
>
> I have some ideas that I would like to share and discuss with you.
> Please, correct me if I'm wrong, if the ideas are stupid, or already 
> done ;)
>
> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
> We already discussed of that in the past. It doesn't change the 
> Syncope codebase itself, it's just an addition on the Karaf side.
> The first thing is to provide a SyncopeLoginModule in Karaf allowing 
> to delegate the user backend to Syncope. Currently, Karaf provides 
> PropertiesLoginModule (the username/password are stored in the simple 
> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
> Thanks to the SyncopeLoginModule, the users just delegate the Karaf 
> container JAAS realm backend to Syncope, who manages its own backend 
> (LDAP, etc).
> On the other hand, I will provide a Karaf feature to be able to easily 
> install Syncope directly in Karaf.

This sounds very cool: when you discuss or file issue(s) on Karaf's 
JIRA, please report here, I personally would love to watch and possibly 
test :-)

> 2/ OAuth2 Service Provider feature
> More and more companies want to provide an "internal" oauth2 service 
> provider (instead of using "public" one like amazon, bitbucket, etc).
> What do you think to add an optional feature to Syncope to turn 
> Syncope as an OAuth2 Service Provider ?

Really nice.
I would see this feature as part of the "Access Management" feature set 
currently scheduled for 3.0.0 [1] - clearly this does not mean we cannot 
implement it before.

> 3/ CXF authentication ready to use feature
> Right now, we can use Syncope with CXF by implementing an interceptor 
> delegating to the Syncope REST API.
> It's not really straight forward for the user as it requires to write 
> some kind of plumbing code.
> I think it could be helpful to provide a ready to use "CXF feature" 
> providing the interceptor that we can configure (the location of the 
> Syncope instance, etc).
> Maybe it makes more sense to add this on the CXF part more than on the 
> Syncope side, but, anyway, it could be very helpful for the users.

Hum, I am probably missing some bits on CXF side: are you proposing to 
provide a sort of "Syncope authentication module" for CXF, as suggested 
above for Karaf?
Could it be the case to maintain such module(s) in Syncope codebase 
anyway? We will need of course to keep them up-to-date either with 
respect to Syncope and CXF / Karaf of course, so we will need CXF and 
Karaf expertise - which we actually have :-)

Regards.

[1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/

Re: [PROPOSAL] Some roadmap ideas

[Jean-Baptiste Onofré <jb...@nanthrax.net>]

Hi Francesco,

Thanks for the update.

good idea for the pass-through.

Regards
JB

On 08/17/2014 11:48 AM, Francesco Chicchiriccò wrote:
> Hi JB,
> I've taken a quick look at your post: nice job!
>
> About the Tomcat JAAS login module, it would be very nice, if you want,
> to have it in Syncope 1.2.0: combined with pass-through authentication
> by SYNCOPE-164 it will instantly enable Tomcat authentication against
> JDBC, LDAP, Active Directory, or any other ConnId covered external
> resource.
>
> WDYT?
> Regards.
>
> On 17/08/2014 08:15, Jean-Baptiste Onofré wrote:
>> By the way, I also created a Syncope login module for Tomcat. For now,
>> I will push on my github for now, we will see later where to put it.
>>
>> Regards
>> JB
>>
>> On 06/04/2014 09:25 PM, Jean-Baptiste Onofré wrote:
>>> Hi guys,
>>>
>>> I'm happy as I should have some time to work again on Syncope next week
>>> (and the following weeks ;)).
>>>
>>> I have some ideas that I would like to share and discuss with you.
>>> Please, correct me if I'm wrong, if the ideas are stupid, or already
>>> done ;)
>>>
>>> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
>>> We already discussed of that in the past. It doesn't change the Syncope
>>> codebase itself, it's just an addition on the Karaf side.
>>> The first thing is to provide a SyncopeLoginModule in Karaf allowing to
>>> delegate the user backend to Syncope. Currently, Karaf provides
>>> PropertiesLoginModule (the username/password are stored in the simple
>>> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
>>> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
>>> container JAAS realm backend to Syncope, who manages its own backend
>>> (LDAP, etc).
>>> On the other hand, I will provide a Karaf feature to be able to easily
>>> install Syncope directly in Karaf.
>>>
>>> 2/ OAuth2 Service Provider feature
>>> More and more companies want to provide an "internal" oauth2 service
>>> provider (instead of using "public" one like amazon, bitbucket, etc).
>>> What do you think to add an optional feature to Syncope to turn Syncope
>>> as an OAuth2 Service Provider ?
>>>
>>> 3/ CXF authentication ready to use feature
>>> Right now, we can use Syncope with CXF by implementing an interceptor
>>> delegating to the Syncope REST API.
>>> It's not really straight forward for the user as it requires to write
>>> some kind of plumbing code.
>>> I think it could be helpful to provide a ready to use "CXF feature"
>>> providing the interceptor that we can configure (the location of the
>>> Syncope instance, etc).
>>> Maybe it makes more sense to add this on the CXF part more than on the
>>> Syncope side, but, anyway, it could be very helpful for the users.
>>>
>>> WDYT ?
>>>
>>> Thanks,
>>> Regards
>>> JB
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: [PROPOSAL] Some roadmap ideas

[Francesco Chicchiriccò <il...@apache.org>]

Hi JB,
I've taken a quick look at your post: nice job!

About the Tomcat JAAS login module, it would be very nice, if you want, 
to have it in Syncope 1.2.0: combined with pass-through authentication 
by SYNCOPE-164 it will instantly enable Tomcat authentication against 
JDBC, LDAP, Active Directory, or any other ConnId covered external resource.

WDYT?
Regards.

On 17/08/2014 08:15, Jean-Baptiste Onofré wrote:
> By the way, I also created a Syncope login module for Tomcat. For now, 
> I will push on my github for now, we will see later where to put it.
>
> Regards
> JB
>
> On 06/04/2014 09:25 PM, Jean-Baptiste Onofré wrote:
>> Hi guys,
>>
>> I'm happy as I should have some time to work again on Syncope next week
>> (and the following weeks ;)).
>>
>> I have some ideas that I would like to share and discuss with you.
>> Please, correct me if I'm wrong, if the ideas are stupid, or already
>> done ;)
>>
>> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
>> We already discussed of that in the past. It doesn't change the Syncope
>> codebase itself, it's just an addition on the Karaf side.
>> The first thing is to provide a SyncopeLoginModule in Karaf allowing to
>> delegate the user backend to Syncope. Currently, Karaf provides
>> PropertiesLoginModule (the username/password are stored in the simple
>> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
>> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
>> container JAAS realm backend to Syncope, who manages its own backend
>> (LDAP, etc).
>> On the other hand, I will provide a Karaf feature to be able to easily
>> install Syncope directly in Karaf.
>>
>> 2/ OAuth2 Service Provider feature
>> More and more companies want to provide an "internal" oauth2 service
>> provider (instead of using "public" one like amazon, bitbucket, etc).
>> What do you think to add an optional feature to Syncope to turn Syncope
>> as an OAuth2 Service Provider ?
>>
>> 3/ CXF authentication ready to use feature
>> Right now, we can use Syncope with CXF by implementing an interceptor
>> delegating to the Syncope REST API.
>> It's not really straight forward for the user as it requires to write
>> some kind of plumbing code.
>> I think it could be helpful to provide a ready to use "CXF feature"
>> providing the interceptor that we can configure (the location of the
>> Syncope instance, etc).
>> Maybe it makes more sense to add this on the CXF part more than on the
>> Syncope side, but, anyway, it could be very helpful for the users.
>>
>> WDYT ?
>>
>> Thanks,
>> Regards
>> JB 

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PPMC
http://people.apache.org/~ilgrosso/

Re: [PROPOSAL] Some roadmap ideas

[Jean-Baptiste Onofré <jb...@nanthrax.net>]

By the way, I also created a Syncope login module for Tomcat. For now, I 
will push on my github for now, we will see later where to put it.

Regards
JB

On 06/04/2014 09:25 PM, Jean-Baptiste Onofré wrote:
> Hi guys,
>
> I'm happy as I should have some time to work again on Syncope next week
> (and the following weeks ;)).
>
> I have some ideas that I would like to share and discuss with you.
> Please, correct me if I'm wrong, if the ideas are stupid, or already
> done ;)
>
> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
> We already discussed of that in the past. It doesn't change the Syncope
> codebase itself, it's just an addition on the Karaf side.
> The first thing is to provide a SyncopeLoginModule in Karaf allowing to
> delegate the user backend to Syncope. Currently, Karaf provides
> PropertiesLoginModule (the username/password are stored in the simple
> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
> container JAAS realm backend to Syncope, who manages its own backend
> (LDAP, etc).
> On the other hand, I will provide a Karaf feature to be able to easily
> install Syncope directly in Karaf.
>
> 2/ OAuth2 Service Provider feature
> More and more companies want to provide an "internal" oauth2 service
> provider (instead of using "public" one like amazon, bitbucket, etc).
> What do you think to add an optional feature to Syncope to turn Syncope
> as an OAuth2 Service Provider ?
>
> 3/ CXF authentication ready to use feature
> Right now, we can use Syncope with CXF by implementing an interceptor
> delegating to the Syncope REST API.
> It's not really straight forward for the user as it requires to write
> some kind of plumbing code.
> I think it could be helpful to provide a ready to use "CXF feature"
> providing the interceptor that we can configure (the location of the
> Syncope instance, etc).
> Maybe it makes more sense to add this on the CXF part more than on the
> Syncope side, but, anyway, it could be very helpful for the users.
>
> WDYT ?
>
> Thanks,
> Regards
> JB

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: [PROPOSAL] Some roadmap ideas

[Jean-Baptiste Onofré <jb...@nanthrax.net>]

Hi guys,

just a quick update regarding this message.

In Karaf, I "natively" added a new SyncopeLoginModule allowing Karaf to 
use Syncope as backend for users and roles. Any application deployed in 
Karaf can use a realm with this login module: it means user app, but 
also CXF (using the JAASLoginInterceptor for instance), etc.

I blogged about it:

http://blog.nanthrax.net/2014/08/apache-syncope-backend-with-apache-karaf/

I move forward on the Syncope Karaf feature.
I will keep you posted about that.

Regards
JB

On 06/04/2014 09:25 PM, Jean-Baptiste Onofré wrote:
> Hi guys,
>
> I'm happy as I should have some time to work again on Syncope next week
> (and the following weeks ;)).
>
> I have some ideas that I would like to share and discuss with you.
> Please, correct me if I'm wrong, if the ideas are stupid, or already
> done ;)
>
> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature
> We already discussed of that in the past. It doesn't change the Syncope
> codebase itself, it's just an addition on the Karaf side.
> The first thing is to provide a SyncopeLoginModule in Karaf allowing to
> delegate the user backend to Syncope. Currently, Karaf provides
> PropertiesLoginModule (the username/password are stored in the simple
> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule.
> Thanks to the SyncopeLoginModule, the users just delegate the Karaf
> container JAAS realm backend to Syncope, who manages its own backend
> (LDAP, etc).
> On the other hand, I will provide a Karaf feature to be able to easily
> install Syncope directly in Karaf.
>
> 2/ OAuth2 Service Provider feature
> More and more companies want to provide an "internal" oauth2 service
> provider (instead of using "public" one like amazon, bitbucket, etc).
> What do you think to add an optional feature to Syncope to turn Syncope
> as an OAuth2 Service Provider ?
>
> 3/ CXF authentication ready to use feature
> Right now, we can use Syncope with CXF by implementing an interceptor
> delegating to the Syncope REST API.
> It's not really straight forward for the user as it requires to write
> some kind of plumbing code.
> I think it could be helpful to provide a ready to use "CXF feature"
> providing the interceptor that we can configure (the location of the
> Syncope instance, etc).
> Maybe it makes more sense to add this on the CXF part more than on the
> Syncope side, but, anyway, it could be very helpful for the users.
>
> WDYT ?
>
> Thanks,
> Regards
> JB

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com