Hello, With fifteen binding +1 votes, 3 non binding +1 votes, and no negative votes, the Amber project has been accepted into the Incubator. Next step will be creation of infrastructure for the project.
Thanks to all for casting your votes. Simone 2010/5/7 Henry Saputra <henry.sapu...@gmail.com> > +1 (non-binding) > > On Fri, May 7, 2010 at 9:42 AM, David Jencks <david_jen...@yahoo.com> > wrote: > > > +1 (not yet binding?) > > > > thanks > > david jencks > > > > On May 4, 2010, at 3:48 PM, Simone Gianni wrote: > > > > > I would like to present for a vote the following proposal to be > sponsored > > by > > > the Shindig PMC for a new "Amber" podling. The goal is to build a > > community > > > around delivering a OAuth v1.0, v1.0a and upcoming v2.0 API and > > > implementation > > > > > > The proposal is available on the wiki at and included below: > > > > > > http://wiki.apache.org/incubator/AmberProposal > > > > > > [] +1 to accept Amber into the Incubator > > > [] 0 don't care > > > [] -1 object and reason why. > > > > > > Thanks, > > > Simone Gianni > > > > > > --- Proposal text from the wiki --- > > > > > > = Amber = > > > == Abstract == > > > The following proposal is about Apache Amber, a Java development > > framework > > > mainly aimed to build OAuth-aware applications. After a brief > explanation > > of > > > the OAuth protocol, the following proposal describes how Apache Amber > > solves > > > issues related to the implementation of applications that adhere to > such > > > specification. > > > > > > == Proposal == > > > Amber will have no or negligible dependencies and will provide both an > > API > > > specification for, and an unconditionally compliant implementation of, > > the > > > OAuth v1.0, v1.0a and v2.0 specifications. The API specification will > be > > > provided as a separate JAR file allowing re-use by other developers and > > > permits configuration: > > > > > > * by XML > > > * by the Java JAR Services "ServiceLoader" mechanism > > > * programmatically > > > > > > The API component specifies that an implementation must provide default > > > classes for Provider, Consumer and Token objects making Amber easy to > > > integrate with existing infrastructure and OAuth client interactions > > > possible with virtually no additional configuration. The API is > flexible > > > enough to allow programmatic customisation or replacement of much of > the > > > implementation, including the default HTTP transport. > > > > > > Amber will provide both client and server functionality, enabling > > developers > > > to deploy robust OAuth services with minimal effort. > > > > > > == Background == > > > Roughly, OAuth is a mechanism that allows users to share their private > > > resources, like photo, videos or contacts, stored on a site with > another > > > site avoiding giving their username and password credentials. Hence, > from > > > the user point-of-view, OAuth could be the way to improve their > > experience > > > across different applications with an enhanced privacy and security > > control > > > in a simple and standard method from desktop and web applications. The > > > protocol was initially developed by the oauth.net community and now is > > under > > > IETF standardization process. > > > > > > The main idea behind OAuth is represented by the token concept. Each > > token > > > grants access to a site, for a specific resource (or a group of > > resources), > > > and for a precise time-interval. The user is only required to > > authenticate > > > with the Provider of their original account, after which that entity > > > provides a re-usable to token to the Consumer who can use it to access > > > resources at the Provider, on the users behalf. > > > > > > Moreover, the total transparency to the user, that is completely > unaware > > of > > > using the protocol, represents one of the main valuable characteristics > > of > > > the specification. > > > > > > Apache Amber community aims not just to create a simple low-level > > library, > > > but rather to provide a complete OAuth framework easy to use with Java > > code, > > > on top of which users can build new-generation killer applications. > > > > > > There are currently three implementation efforts going on in ASF for > > OAuth > > > v1. A stable implementation of OAuth v1 is present in Apache Shindig, > but > > it > > > is not actively developed and not shared with other projects. A Lab > > having > > > Simone Tripodi as its PI is working on an implementation for an OAuth > > > library that could be used by other products. Zhihong Zhang wrote an > > OAuth > > > plugin for JMeter. > > > > > > At the same time, on the IETF OAuth v2 mailing list, other people > > expressed > > > interest for a Java API and implementation, among them two Apache > > committers > > > and one active contributor. > > > > > > Outside the ASF there are three known Java OAuth 1.0/1.0a libraries > > > > > > * The oauth.net reference implementation by John Kristian, Praveen > > Alavilli > > > and Dirk Balfanz. > > > * OAuth SignPost - a simple OAuth message signing client for Java and > > > Apache HttpComponents by Matthias Kaeppler. > > > * OAuth Scribe - a simple OAuth client by Pablo Fernandez. > > > * asmx-oauth (on google code) - a complete open source OAuth 1.0 > Consumer > > > and Service Provider implementation provided by Asemantics Srl (Simone > > > Tripodi was involved). > > > > > > == Rationale == > > > The key role played by the OAuth specification, within the overall Open > > > Stack technologies, jointly with its high degree of adoption and > > maturity, > > > strongly suggest having an Apache leaded incubator for suitable > reference > > > implementation. Furthermore, the OAuth specification is currently > gaining > > > value due to its involvement in a standardization process within the > > IETF, > > > as the actual internet draft. Having the Apache Amber as an Apache > > Incubator > > > could be an opportunity to enforce the actual Apache projects that > > already > > > reference other IETF specifications. > > > > > > Moreover, other Apache Projects, such as Abdera, Shindig and Wink, are > > > currently supporting the OAuth protocol, so having the OAuth Apache > > > reference implementation should benefit not only the project and the > > related > > > commmunity itself, but also existing and active Apache projects. > > Combining > > > efforts from existing Apache projects is a logical step. > > > > > > Providing an Apache licensed library will make it easier for other > Apache > > > projects to integrate OAuth, like, for example: > > > > > > * It could be the foundation framework for Consumer developers; > > > * It could be the foundation Framework for Service Provider developers; > > > * It could be integrated into Apache Shindig; > > > * It could be integrated into Apache Abdera; > > > * It could be integrated into Apache Wink; > > > * It could be integrated into Spring Security; > > > * It could be integrated with JAAS (and be deployed in Tomcat-based > > Servlet > > > Containers); > > > * It could be integrated into Jakarta JMeter; > > > * Apache Wookie (incubating) expressed interest in an OAuth > > implementation; > > > * Most importantly, it could be a backend for dozens of useful new > > > innovative projects that no-one has envisioned yet. > > > > > > = Current Status = > > > Code in the > > > [[http://svn.apache.org/viewvc/labs/amber|Amber<http://svn.apache.org/viewvc/labs/amber%7CAmber>Lab]] > > > and in > > > Apache Shindig is already licensed to the ASF. More contributions of > code > > > and ideas are expected from initial committers, so an implementation of > > > OAuth v1 should be reached quickly, and act as a base for an OAuth v2 > API > > > and implementation. > > > > > > == Meritocracy == > > > As a majority of the initial project members are existing ASF > committers, > > we > > > recognize the desirability of running the project as a meritocracy. We > > are > > > eager to engage other members of the community and operate to the > > standard > > > of meritocracy that Apache emphasizes; we believe this is the most > > effective > > > method of growing our community and enabling widespread adoption. > > > > > > == Community == > > > The amount of interest in the OAuth protocol from enterprises, social > > > networks and individual developers suggests a strong community will > > develop > > > once the framework to support one is laid. > > > > > > == Core Developers == > > > * Simone Gianni <simoneg at apache dot org> (Semeru) > > > * Simone Tripodi <simonetripodi at apache dot org> (Sourcesense) > > > * Stuart "Pid" Williams <pid at pidster dot com> (Clubtickets.com) > > > * David Recordon <recordond at apache dot org> (Facebook) > > > * Tommaso Teofili <tommaso at apache dot org> (Sourcesense) > > > > > > == Alignment == > > > The purpose of the project is to develop an implementation of OAuth v1 > > and > > > OAuth v2 that can be used by other Apache projects. > > > > > > = Known Risks = > > > == Orphaned Products == > > > Being OAuth a standard receiving a lot of interest, and being v2 an > > ongoing > > > work in IETF, we believe there is minimal risks of this work becoming > > > non-strategic and the contributors are confident that a larger > community > > > will form within the project in a relatively short space of time. > > > > > > == Inexperience with Open Source == > > > All of the committers have experience working in one or more open > source > > > projects inside and outside ASF. > > > > > > == Homogeneous Developers == > > > The list of initial committers are geographically distributed across > the > > > U.S. and Europe with no one company being associated with a majority of > > the > > > developers. Many of these initial developers are experienced Apache > > > committers already and all are experienced with working in distributed > > > development communities. > > > > > > == Reliance on Salaried Developers == > > > To the best of our knowledge, none of the initial committers are being > > paid > > > to develop code for this project. > > > > > > == Relationships with Other Apache Products == > > > A number of existing ASF projects could benefit from an OAuth > > > implementation, including Apache Shindig, Apache Abdera, Apache Wink, > > Jmeter > > > which are already using partial and non standardized OAuth > > implementations. > > > Basically any other server-side framework or application could benefit > by > > > using Amber. It is hoped that members of those projects will be > > interested > > > in contributing to and adopting this implementation. > > > > > > == A Excessive Fascination with the Apache Brand == > > > Amber fits naturally in the ASF because : > > > > > > * It is an implementation of an open standard > > > * It is a server component on which many other projects can depend on > > > > > > = Documentation = > > > [1] More information about OAuth can be found here:<<BR>> > > > http://www.oauth.net/ > > > > > > [2] The IETF discussion about the emerging OAuth v2.0 specification is > > > occuring on this mailing list<<BR>> oa...@ietf.org > > > > > > = Initial Source = > > > The intial source comprises code developed inside Apache Labs, other > > Apache > > > projects and contributed under the CLA. > > > > > > = Source and Intellectual Property Submission Plan = > > > Source code will be moved from SVN space of Apache Labs, Apache Shindig > > and > > > other appropriately licensed sources inside the SVN space of the > podling. > > > > > > = External Dependencies = > > > None known > > > > > > = Cryptography = > > > The project will use cryptographic utilities available as standard in > > Java > > > 6. > > > > > > = Required Resources = > > > * Mailing lists > > > * amber-private (with moderated subscriptions) > > > * amber-dev > > > * amber-user > > > * amber-commits > > > * Subversion directory > > > * https://svn.apache.org/repos/asf/incubator/amber > > > * Website > > > * Confluence (AMBER) > > > * Issue Tracking > > > * JIRA (AMBER) > > > > > > = Initial Committers = > > > Names of initial committers with affiliation and current ASF status: > > > > > > * Simone Gianni <simoneg at apache dot org> (Semeru) > > > * Simone Tripodi <simonetripodi at apache dot org> (Sourcesense) > > > * Stuart "Pid" Williams <pid at pidster dot com> (Clubtickets.com) (CLA > > > filed) > > > * David Recordon <recordond at apache dot org> (Facebook) > > > * Tommaso Teofili <tommaso at apache dot org> (Sourcesense) > > > * Paul Lindner <lindner at inuus dot com> (LinkedIn) > > > * Pablo Fernandez <fernandezpablo85 at gmail dot com> (LinkedIn) > > > > > > = Sponsors = > > > == Champion == > > > * Brian McCallister <brianm at apache dot org> > > > > > > == Nominated Mentors == > > > * Henning Schmiedehausen <henning at apache dot org> > > > * Jean-Frederic Clere <jfclere at gmail dot com> > > > * Gianugo Rabellino <gianugo at apache dot org> > > > * David Jencks <djencks at apache dot org> (Waiting on IPMC) > > > > > > == Sponsoring Entity == > > > * Shindig PMC - Confirmed Apr 29, 2010 > > > > > > = Other interested people = > > > * Saleem Shafi <mshafi at paypal dot com> > > > * Chirag Shah (Apache Shindig Committer) > > > * Greg Brail <gbrail at sonoasystems dot com> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > >
