From Fedora Project Wiki
(Draft)
 
 
(14 intermediate revisions by 2 users not shown)
Line 2: Line 2:


This page is used to record the parts and steps needed to merge FedOAuth and Ipsilon both upstream and in Fedora Infrastructure.
This page is used to record the parts and steps needed to merge FedOAuth and Ipsilon both upstream and in Fedora Infrastructure.
Links:
* FedOAuth homepage: https://github.com/FedOAuth/FedOAuth/
* ipsilon homepage: https://fedorahosted.org/ipsilon/
* Announcement email: https://lists.fedoraproject.org/pipermail/infrastructure/2014-September/014863.html




Line 12: Line 17:
=== Technical things Ipsilon lacks and are required for consideration into Fedora Infra ===
=== Technical things Ipsilon lacks and are required for consideration into Fedora Infra ===


* Support for "real" database (SQL or NoSQL yet to be determined/flexible)
* Support for "real" database (SQL <strike>or NoSQL yet to be determined/flexible</strike>) [DONE]
* Support for transaction-based system, to support multiple authentications in different tabs in the same browser
* Support for transaction-based system, to support multiple authentications in different tabs in the same browser [DONE]
* OpenID
* OpenID with at least these extensions [DONE]:
* Persona (Could be a second phase where we run FedOAuth and Ipsilon side-by-side temporarily, but rather not)
    * Simple Registration (sreg)  [DONE]
* (X) Support for Fedora Account System
    * Attribute Exchange (AX), including SSH and GPG key attributes  [DONE]
 
    * Provider Authentication Policy Extension (pape)  [DEFERRED, not used by Fedora]
    * Teams  [DONE]
    * CLA [DONE]
* Persona (DONE]
* Support for Fedora Account System [DONE]
* Show info about the SP the user is signing on to ("https://apps.fedoraproject.org/calendar/ wants you to sign in with your Fedora account") [DONE]
* Possibility to override configuration variables from file  [DONE]


=== Plan for migrating in Fedora Infrastructure once Ipsilon has the above things ===
=== Plan for migrating in Fedora Infrastructure once Ipsilon has the above things ===


# Determine if we need to go through the Request For Resources process, and if yes, follow that process
# <strike>Determine if we need to go through the Request For Resources process, and if yes, follow that process</strike> No, we don't need to go through this (Discussed with Kevin Fenzi)
# Deploy to staging, configure, and test with all Fedora Infra apps (using rube) and some external consumers (manual)
# Deploy to staging, configure, and test with all Fedora Infra apps (using rube) and some external consumers (manual)
# Schedule a date for migration in production
# Schedule a date for migration in production


== Target: other FedOAuth users ==
== Target: other FedOAuth users ==
=== Technical things Ipsilon lacks and are required to completely replace FedOAuth everywhere (that are NOT in the above sections) ===


* Persona
The only part that Ipsilon doesn't have that FedOAuth has is webSilvia support, but that will be added soon.
* webSilvia
* Migration script that takes FedOAuth configuration and transforms it to Ipsilon config


=== Plan for migrating other customers of FedOAuth to Ipsilon ===


This will mainly be the migration script, but otherwise this is customer-specific.
For any users of FedOAuth wanting to migrate, please get in contact with [[User:puiterwijk|puiterwijk]].

Latest revision as of 19:47, 14 November 2014

FedOAuth and Ipsilon merge

This page is used to record the parts and steps needed to merge FedOAuth and Ipsilon both upstream and in Fedora Infrastructure.

Links:


Goal

The end goal of merging the projects is less duplicate effort (both FedOAuth and Ipsilon have basically the same goals, so maintaining both duplicates a lot of effort).


Target: Fedora Infrastructure

Technical things Ipsilon lacks and are required for consideration into Fedora Infra

  • Support for "real" database (SQL or NoSQL yet to be determined/flexible) [DONE]
  • Support for transaction-based system, to support multiple authentications in different tabs in the same browser [DONE]
  • OpenID with at least these extensions [DONE]:
   * Simple Registration (sreg)  [DONE]
   * Attribute Exchange (AX), including SSH and GPG key attributes  [DONE]
   * Provider Authentication Policy Extension (pape)  [DEFERRED, not used by Fedora]
   * Teams  [DONE]
   * CLA [DONE]
  • Persona (DONE]
  • Support for Fedora Account System [DONE]
  • Show info about the SP the user is signing on to ("https://apps.fedoraproject.org/calendar/ wants you to sign in with your Fedora account") [DONE]
  • Possibility to override configuration variables from file [DONE]

Plan for migrating in Fedora Infrastructure once Ipsilon has the above things

  1. Determine if we need to go through the Request For Resources process, and if yes, follow that process No, we don't need to go through this (Discussed with Kevin Fenzi)
  2. Deploy to staging, configure, and test with all Fedora Infra apps (using rube) and some external consumers (manual)
  3. Schedule a date for migration in production

Target: other FedOAuth users

The only part that Ipsilon doesn't have that FedOAuth has is webSilvia support, but that will be added soon.


For any users of FedOAuth wanting to migrate, please get in contact with puiterwijk.