You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Jean-Baptiste Onofré <jb...@nanthrax.net> on 2011/11/01 10:22:02 UTC
[PROPOSAL][RFC] Fediz for the Apache Incubator
Hi,
I would like to propose Fediz to be an Apache Incubator project.
Fediz is an implementation of OASIS WS-Federation for Web SSO. The core
concept is to externalize the authentication process to a centralized
authentication server (called Identity Provider (IDP)) which can support
any kind of authentication mechanism. The IDP issues a security token
like SAML which contains the authenticated entity as well as role
information and/or other claim data of a user like name, email, others
which is sent to the application (called Relying Party (RP)).
Here's a link to the proposal on the wiki
http://wiki.apache.org/incubator/FedizProposal
I've also included the initial contents below.
As said in the subject (RFC), so any comments and new mentors are welcome
Thanks
Regards
JB
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Nick,
sorry for my late answer, I was busy with the ApacheCon presentation.
The current Fediz codebase doesn't support OID/OAuth. Of course, it
could be interested to support it, by implementing it or by leveraging
existing implementations.
Some pointer about OID/OAuth:
- OID/OAuth doesn't support claims based authorization.
- OID/OAuth doesn't address end-to-end security where identities can be
propagated from a SSO enabled web application to the web services.
WS-Federation is supported by Identity Providers like OpenAM, IBM
Tivoli, Microsoft ADFS, Oracle but there is no support for it in Tomcat,
Karaf, or JBoss for instance.
I hope it answers to your question.
Regards
JB
On 11/03/2011 12:25 PM, Nick Kew wrote:
>
> On 1 Nov 2011, at 09:22, Jean-Baptiste Onofré wrote:
>
>> Hi,
>>
>> I would like to propose Fediz to be an Apache Incubator project.
>
> As others have pointed out, this looks like some familiar technologies.
>
> We know that OpenID is widely supported, by web client, server and
> application software, and some of the biggest providers. OpenAuth
> perhaps less so, but they're spoken of as a pair.
>
> How about a proper exposition of:
> - Does Fediz include an implementaion of OID/OAuth?
> - If yes, does it do other things too, and what's the motivation?
> How would you react to accusations of "embrace and extend"?
> - If no, why should we want another, competing framework/standard?
> - If no, where is it in fact supported in the real world?
>
> I think we should see these issues properly addressed in the proposal!
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Nick Kew <ni...@webthing.com>.
On 1 Nov 2011, at 09:22, Jean-Baptiste Onofré wrote:
> Hi,
>
> I would like to propose Fediz to be an Apache Incubator project.
As others have pointed out, this looks like some familiar technologies.
We know that OpenID is widely supported, by web client, server and
application software, and some of the biggest providers. OpenAuth
perhaps less so, but they're spoken of as a pair.
How about a proper exposition of:
- Does Fediz include an implementaion of OID/OAuth?
- If yes, does it do other things too, and what's the motivation?
How would you react to accusations of "embrace and extend"?
- If no, why should we want another, competing framework/standard?
- If no, where is it in fact supported in the real world?
I think we should see these issues properly addressed in the proposal!
--
Nick Kew
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Simone Tripodi <si...@apache.org>.
Looks interesting! kind of OpenID + OAuth?
Many thanks in advance, all the best!
Simo
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
On Wed, Nov 2, 2011 at 3:40 PM, Jean-Baptiste Onofré <jb...@nanthrax.net> wrote:
> Hi Simone,
>
> OpenID is another protocol mainly for authentication...
>
> WS-federation addresses authentication and claims based authorization.
>
> Regards
> JB
>
> On 11/02/2011 10:56 AM, Simone Tripodi wrote:
>>
>> Salut Jean-Baptiste!
>> sorry for my lack of knowledge, but it reminds me the OpenID protocol
>> - looks like it uses the same terminology as well.
>> How Fediz it is related to the OpenID specification?
>> Many thanks in advance, all the best,
>> Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://simonetripodi.livejournal.com/
>> http://twitter.com/simonetripodi
>> http://www.99soft.org/
>>
>>
>>
>> On Tue, Nov 1, 2011 at 10:22 AM, Jean-Baptiste Onofré<jb...@nanthrax.net>
>> wrote:
>>>
>>> Hi,
>>>
>>> I would like to propose Fediz to be an Apache Incubator project.
>>>
>>> Fediz is an implementation of OASIS WS-Federation for Web SSO. The core
>>> concept is to externalize the authentication process to a centralized
>>> authentication server (called Identity Provider (IDP)) which can support
>>> any
>>> kind of authentication mechanism. The IDP issues a security token like
>>> SAML
>>> which contains the authenticated entity as well as role information
>>> and/or
>>> other claim data of a user like name, email, others which is sent to the
>>> application (called Relying Party (RP)).
>>>
>>> Here's a link to the proposal on the wiki
>>> http://wiki.apache.org/incubator/FedizProposal
>>>
>>> I've also included the initial contents below.
>>>
>>> As said in the subject (RFC), so any comments and new mentors are welcome
>>>
>>> Thanks
>>> Regards
>>> JB
>>> --
>>> Jean-Baptiste Onofré
>>> jbonofre@apache.org
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>> For additional commands, e-mail: general-help@incubator.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Simone,
OpenID is another protocol mainly for authentication...
WS-federation addresses authentication and claims based authorization.
Regards
JB
On 11/02/2011 10:56 AM, Simone Tripodi wrote:
> Salut Jean-Baptiste!
> sorry for my lack of knowledge, but it reminds me the OpenID protocol
> - looks like it uses the same terminology as well.
> How Fediz it is related to the OpenID specification?
> Many thanks in advance, all the best,
> Simo
>
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
>
>
> On Tue, Nov 1, 2011 at 10:22 AM, Jean-Baptiste Onofré<jb...@nanthrax.net> wrote:
>> Hi,
>>
>> I would like to propose Fediz to be an Apache Incubator project.
>>
>> Fediz is an implementation of OASIS WS-Federation for Web SSO. The core
>> concept is to externalize the authentication process to a centralized
>> authentication server (called Identity Provider (IDP)) which can support any
>> kind of authentication mechanism. The IDP issues a security token like SAML
>> which contains the authenticated entity as well as role information and/or
>> other claim data of a user like name, email, others which is sent to the
>> application (called Relying Party (RP)).
>>
>> Here's a link to the proposal on the wiki
>> http://wiki.apache.org/incubator/FedizProposal
>>
>> I've also included the initial contents below.
>>
>> As said in the subject (RFC), so any comments and new mentors are welcome
>>
>> Thanks
>> Regards
>> JB
>> --
>> Jean-Baptiste Onofré
>> jbonofre@apache.org
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Simone Tripodi <si...@apache.org>.
Salut Jean-Baptiste!
sorry for my lack of knowledge, but it reminds me the OpenID protocol
- looks like it uses the same terminology as well.
How Fediz it is related to the OpenID specification?
Many thanks in advance, all the best,
Simo
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
On Tue, Nov 1, 2011 at 10:22 AM, Jean-Baptiste Onofré <jb...@nanthrax.net> wrote:
> Hi,
>
> I would like to propose Fediz to be an Apache Incubator project.
>
> Fediz is an implementation of OASIS WS-Federation for Web SSO. The core
> concept is to externalize the authentication process to a centralized
> authentication server (called Identity Provider (IDP)) which can support any
> kind of authentication mechanism. The IDP issues a security token like SAML
> which contains the authenticated entity as well as role information and/or
> other claim data of a user like name, email, others which is sent to the
> application (called Relying Party (RP)).
>
> Here's a link to the proposal on the wiki
> http://wiki.apache.org/incubator/FedizProposal
>
> I've also included the initial contents below.
>
> As said in the subject (RFC), so any comments and new mentors are welcome
>
> Thanks
> Regards
> JB
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Mohammad Nour El-Din <no...@gmail.com>.
ROFL
Sorry I was checking my old e-mails and I didn't notice the date :D
what a dump reply did I send :D
On Tue, Jul 3, 2012 at 1:20 PM, Jean-Baptiste Onofré <jb...@nanthrax.net>wrote:
> Hi Mohammad,
>
> the proposal has been retired as Fediz is now a subproject of Apache CXF.
>
> Thanks anyway for your proposal !
>
> Regards
> JB
>
>
> On 07/03/2012 12:37 PM, Mohammad Nour El-Din wrote:
>
>> Hi Jean...
>>
>> I added myself, lets go for a [VOTE] :)
>>
>> On Mon, Nov 21, 2011 at 10:52 AM, Jean-Baptiste Onofré <jb@nanthrax.net
>> >wrote:
>>
>> Hi all,
>>>
>>> To be able to start a formal vote, we need an additional mentor.
>>>
>>> Is someone interested ?
>>>
>>> Thanks,
>>> Regards
>>> JB
>>>
>>>
>>> On 11/11/2011 11:49 PM, Jean-Baptiste Onofré wrote:
>>>
>>> Thanks for the update Marcel, and sorry for the late answer.
>>>>
>>>> I updated the Fediz proposal with your comment.
>>>>
>>>> Thanks again,
>>>> Regards
>>>> JB
>>>>
>>>> On 11/03/2011 12:40 PM, Marcel Offermans wrote:
>>>>
>>>> On Nov 1, 2011, at 10:22 AM, Jean-Baptiste Onofré wrote:
>>>>>
>>>>> http://wiki.apache.org/****incubator/FedizProposal<http://wiki.apache.org/**incubator/FedizProposal>
>>>>> <http:/**/wiki.apache.org/incubator/**FedizProposal<http://wiki.apache.org/incubator/FedizProposal>
>>>>> >
>>>>>
>>>>>
>>>>>>
>>>>> Definitely an interesting proposal! Just a comment on the affiliations
>>>>> section: isn't it true that both Olivier Lamy and Colm O'hEigeartaigh
>>>>> are also working for Talend? Of course part of the incubation process
>>>>> will be to attract other developers, I just think it's fair to list
>>>>> affiliations for all initial committers.
>>>>>
>>>>> Greetings, Marcel
>>>>>
>>>>>
>>>>> ------------------------------****----------------------------**--**
>>>>> ---------
>>>>> To unsubscribe, e-mail: general-unsubscribe@incubator.****apache.org<
>>>>> general-**unsubscribe@incubator.apache.**org<ge...@incubator.apache.org>
>>>>> >
>>>>> For additional commands, e-mail: general-help@incubator.apache.**
>>>>> **org<ge...@incubator.apache.org>
>>>>> >
>>>>>
>>>>>
>>>>>
>>>> --
>>> Jean-Baptiste Onofré
>>> jbonofre@apache.org
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>>>
>>> ------------------------------****----------------------------**
>>> --**---------
>>> To unsubscribe, e-mail: general-unsubscribe@incubator.****apache.org<
>>> general-**unsubscribe@incubator.apache.**org<ge...@incubator.apache.org>
>>> >
>>> For additional commands, e-mail: general-help@incubator.apache.****org<
>>> general-help@incubator.**apache.org <ge...@incubator.apache.org>>
>>>
>>>
>>>
>>
>>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: general-unsubscribe@incubator.**apache.org<ge...@incubator.apache.org>
> For additional commands, e-mail: general-help@incubator.apache.**org<ge...@incubator.apache.org>
>
>
--
Thanks
- Mohammad Nour
----
"Life is like riding a bicycle. To keep your balance you must keep moving"
- Albert Einstein
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Mohammad,
the proposal has been retired as Fediz is now a subproject of Apache CXF.
Thanks anyway for your proposal !
Regards
JB
On 07/03/2012 12:37 PM, Mohammad Nour El-Din wrote:
> Hi Jean...
>
> I added myself, lets go for a [VOTE] :)
>
> On Mon, Nov 21, 2011 at 10:52 AM, Jean-Baptiste Onofré <jb...@nanthrax.net>wrote:
>
>> Hi all,
>>
>> To be able to start a formal vote, we need an additional mentor.
>>
>> Is someone interested ?
>>
>> Thanks,
>> Regards
>> JB
>>
>>
>> On 11/11/2011 11:49 PM, Jean-Baptiste Onofré wrote:
>>
>>> Thanks for the update Marcel, and sorry for the late answer.
>>>
>>> I updated the Fediz proposal with your comment.
>>>
>>> Thanks again,
>>> Regards
>>> JB
>>>
>>> On 11/03/2011 12:40 PM, Marcel Offermans wrote:
>>>
>>>> On Nov 1, 2011, at 10:22 AM, Jean-Baptiste Onofré wrote:
>>>>
>>>> http://wiki.apache.org/**incubator/FedizProposal<http://wiki.apache.org/incubator/FedizProposal>
>>>>>
>>>>
>>>> Definitely an interesting proposal! Just a comment on the affiliations
>>>> section: isn't it true that both Olivier Lamy and Colm O'hEigeartaigh
>>>> are also working for Talend? Of course part of the incubation process
>>>> will be to attract other developers, I just think it's fair to list
>>>> affiliations for all initial committers.
>>>>
>>>> Greetings, Marcel
>>>>
>>>>
>>>> ------------------------------**------------------------------**
>>>> ---------
>>>> To unsubscribe, e-mail: general-unsubscribe@incubator.**apache.org<ge...@incubator.apache.org>
>>>> For additional commands, e-mail: general-help@incubator.apache.**org<ge...@incubator.apache.org>
>>>>
>>>>
>>>
>> --
>> Jean-Baptiste Onofré
>> jbonofre@apache.org
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com
>>
>> ------------------------------**------------------------------**---------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.**apache.org<ge...@incubator.apache.org>
>> For additional commands, e-mail: general-help@incubator.apache.**org<ge...@incubator.apache.org>
>>
>>
>
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Mohammad Nour El-Din <no...@gmail.com>.
Hi Jean...
I added myself, lets go for a [VOTE] :)
On Mon, Nov 21, 2011 at 10:52 AM, Jean-Baptiste Onofré <jb...@nanthrax.net>wrote:
> Hi all,
>
> To be able to start a formal vote, we need an additional mentor.
>
> Is someone interested ?
>
> Thanks,
> Regards
> JB
>
>
> On 11/11/2011 11:49 PM, Jean-Baptiste Onofré wrote:
>
>> Thanks for the update Marcel, and sorry for the late answer.
>>
>> I updated the Fediz proposal with your comment.
>>
>> Thanks again,
>> Regards
>> JB
>>
>> On 11/03/2011 12:40 PM, Marcel Offermans wrote:
>>
>>> On Nov 1, 2011, at 10:22 AM, Jean-Baptiste Onofré wrote:
>>>
>>> http://wiki.apache.org/**incubator/FedizProposal<http://wiki.apache.org/incubator/FedizProposal>
>>>>
>>>
>>> Definitely an interesting proposal! Just a comment on the affiliations
>>> section: isn't it true that both Olivier Lamy and Colm O'hEigeartaigh
>>> are also working for Talend? Of course part of the incubation process
>>> will be to attract other developers, I just think it's fair to list
>>> affiliations for all initial committers.
>>>
>>> Greetings, Marcel
>>>
>>>
>>> ------------------------------**------------------------------**
>>> ---------
>>> To unsubscribe, e-mail: general-unsubscribe@incubator.**apache.org<ge...@incubator.apache.org>
>>> For additional commands, e-mail: general-help@incubator.apache.**org<ge...@incubator.apache.org>
>>>
>>>
>>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: general-unsubscribe@incubator.**apache.org<ge...@incubator.apache.org>
> For additional commands, e-mail: general-help@incubator.apache.**org<ge...@incubator.apache.org>
>
>
--
Thanks
- Mohammad Nour
----
"Life is like riding a bicycle. To keep your balance you must keep moving"
- Albert Einstein
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi all,
To be able to start a formal vote, we need an additional mentor.
Is someone interested ?
Thanks,
Regards
JB
On 11/11/2011 11:49 PM, Jean-Baptiste Onofré wrote:
> Thanks for the update Marcel, and sorry for the late answer.
>
> I updated the Fediz proposal with your comment.
>
> Thanks again,
> Regards
> JB
>
> On 11/03/2011 12:40 PM, Marcel Offermans wrote:
>> On Nov 1, 2011, at 10:22 AM, Jean-Baptiste Onofré wrote:
>>
>>> http://wiki.apache.org/incubator/FedizProposal
>>
>> Definitely an interesting proposal! Just a comment on the affiliations
>> section: isn't it true that both Olivier Lamy and Colm O'hEigeartaigh
>> are also working for Talend? Of course part of the incubation process
>> will be to attract other developers, I just think it's fair to list
>> affiliations for all initial committers.
>>
>> Greetings, Marcel
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Thanks for the update Marcel, and sorry for the late answer.
I updated the Fediz proposal with your comment.
Thanks again,
Regards
JB
On 11/03/2011 12:40 PM, Marcel Offermans wrote:
> On Nov 1, 2011, at 10:22 AM, Jean-Baptiste Onofré wrote:
>
>> http://wiki.apache.org/incubator/FedizProposal
>
> Definitely an interesting proposal! Just a comment on the affiliations section: isn't it true that both Olivier Lamy and Colm O'hEigeartaigh are also working for Talend? Of course part of the incubation process will be to attract other developers, I just think it's fair to list affiliations for all initial committers.
>
> Greetings, Marcel
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [PROPOSAL][RFC] Fediz for the Apache Incubator
Posted by Marcel Offermans <ma...@luminis.nl>.
On Nov 1, 2011, at 10:22 AM, Jean-Baptiste Onofré wrote:
> http://wiki.apache.org/incubator/FedizProposal
Definitely an interesting proposal! Just a comment on the affiliations section: isn't it true that both Olivier Lamy and Colm O'hEigeartaigh are also working for Talend? Of course part of the incubation process will be to attract other developers, I just think it's fair to list affiliations for all initial committers.
Greetings, Marcel
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org