You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@james.apache.org by GitBox <gi...@apache.org> on 2022/09/16 15:03:39 UTC

[GitHub] [james-project] chibenwa opened a new pull request, #1196: [BOYSCOUT] Write some missing ADRs regarding recent work

chibenwa opened a new pull request, #1196:
URL: https://github.com/apache/james-project/pull/1196

   I did got some time in the plane...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org

[GitHub] [james-project] quantranhong1999 commented on a diff in pull request #1196: [BOYSCOUT] Write some missing ADRs regarding recent work

Posted by GitBox <gi...@apache.org>.

quantranhong1999 commented on code in PR #1196:
URL: https://github.com/apache/james-project/pull/1196#discussion_r974128452


##########
src/adr/0062-oidc-token-introspection.md:
##########
@@ -0,0 +1,50 @@
+# 62. OIDC token introspection
+
+Date: 2022-09-13
+
+## Status
+
+Accepted (lazy consensus).
+
+Implemented. 
+
+Complements [ADR 51](0051-oidc.md).
+
+## Context
+
+[ADR 51](0051-oidc.md) describes work required for OIDC adoption within James.
+
+This work enables the uses of an OIDC access token to authenticate using IMAP and SMTP.
+It validates the signature of the token using cryptographic materials exposes by the 
+Identity Provider server through the mean of a JWKS endpoint. Yet no effort is made to
+see if the access token in question was revoked or not, which can pause a security threat.
+
+OIDC ecosystem can support the following mechanisms to determine if an access token had been 
+revoked:
+
+ - Use of an introspection endpoint: the application asks the OIDC server to validate the token
+ through an HTTP call. This result in load on the identity provider, which becomes central to the
+ authentication process. This can be assimilated to a 'synchronous' mode.
+ - use of back-channel upon token revocation. The OIDC provider is then responsible to call an 

Review Comment:
   ```suggestion
    - Use of back-channel upon token revocation. The OIDC provider is then responsible to call an 
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org

[GitHub] [james-project] Arsnael commented on a diff in pull request #1196: [BOYSCOUT] Write some missing ADRs regarding recent work

Posted by GitBox <gi...@apache.org>.

Arsnael commented on code in PR #1196:
URL: https://github.com/apache/james-project/pull/1196#discussion_r973854839


##########
src/adr/0060-adopt-bounded-elastic.md:
##########
@@ -0,0 +1,60 @@
+# 60. Adopt bounded elastic
+
+Date: 2022-09-13
+
+## Status
+
+Accepted (lazy consensus).
+
+Implemented. 
+
+## Context
+
+See description of blocking vs reactive programming odel described in [ADR-57](0057-reactive-imap.md).
+
+Sometime Reactive code needs to execute blocking tasks. 
+
+ - This is the case when inter-operating with blocking libraries
+ - James reactive adoption is progressive, some parts of our application
+ are thus not reactive yet, which can result in reactive code calling
+ blocking code calling reactive code.
+ 
+Historically James used the elastic scheduler for scheduling such blocking calls. This scheduler
+starts a thread for each task submitted (and attempt to reuse threads when possible) and results
+in high thread count.
+
+That is why project reactor deprecated the elastic scheduler in favor of bounded-elastic (similar to
+a thread pool).
+
+## Decision
+
+Migrate from elastic scheduler to bounded-elastic scheduler.
+
+## Consequences
+
+We expect a reduction in used threads under load from such a change.
+
+Also, getting rid of elastic scheduler might be a requirement to upgrade to reactor 3.5 upward.
+
+Associated risk:
+ - In some places, James protocol code is reactive, calls blocking intermediates API, to 
+ end up calling reactive data access code. This results in nested blocking calls. Nested blocking
+ calls, when using the same scheduler with a bounded thread cap, can result in a dead lock.
+
+To prevent such a dead-lock code executed on bounded-elastic should not depend on scheduling nested
+blocking call on bounded-elastic scheduler for its completion. We can thus avoid such a situation by 
+using a scheduler dedicated by nested blocking calls.
+
+## Alternatives
+
+Alternatives to the "blocking call wrapper" scheduler describes above includes a full reactive 

Review Comment:
   ```suggestion
   Alternatives to the "blocking call wrapper" scheduler described above includes a full reactive 
   ```



##########
src/adr/0060-adopt-bounded-elastic.md:
##########
@@ -0,0 +1,60 @@
+# 60. Adopt bounded elastic
+
+Date: 2022-09-13
+
+## Status
+
+Accepted (lazy consensus).
+
+Implemented. 
+
+## Context
+
+See description of blocking vs reactive programming odel described in [ADR-57](0057-reactive-imap.md).
+
+Sometime Reactive code needs to execute blocking tasks. 

Review Comment:
   ```suggestion
   Sometimes reactive code needs to execute blocking tasks. 
   ```



##########
src/adr/0060-adopt-bounded-elastic.md:
##########
@@ -0,0 +1,60 @@
+# 60. Adopt bounded elastic
+
+Date: 2022-09-13
+
+## Status
+
+Accepted (lazy consensus).
+
+Implemented. 
+
+## Context
+
+See description of blocking vs reactive programming odel described in [ADR-57](0057-reactive-imap.md).

Review Comment:
   ```suggestion
   See description of blocking vs reactive programming model described in [ADR-57](0057-reactive-imap.md).
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org

[GitHub] [james-project] chibenwa commented on pull request #1196: [BOYSCOUT] Write some missing ADRs regarding recent work

Posted by GitBox <gi...@apache.org>.

chibenwa commented on PR #1196:
URL: https://github.com/apache/james-project/pull/1196#issuecomment-1253527060

   Thanks @mbaechler and sorry for lacking the discipline to do it afterward... 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org

[GitHub] [james-project] mbaechler commented on pull request #1196: [BOYSCOUT] Write some missing ADRs regarding recent work

Posted by GitBox <gi...@apache.org>.

mbaechler commented on PR #1196:
URL: https://github.com/apache/james-project/pull/1196#issuecomment-1253303839

   :tada:   Thanks for these ADRs, it's all good stuff and it allows me to be up to date with what happen in james.
   Good work folks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org

[GitHub] [james-project] chibenwa merged pull request #1196: [BOYSCOUT] Write some missing ADRs regarding recent work

Posted by GitBox <gi...@apache.org>.

chibenwa merged PR #1196:
URL: https://github.com/apache/james-project/pull/1196


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org