[news.eclipse.board.committer.reps] Re: how to address this

[Scott Lewis <slewis@xxxxxxxxxxxxx>]

Eugene Kuleshov wrote:
>
<stuff deleted>
>  To sum up, this is clearly cross project issue and I wonder what is the 
> proper process to address things like that?

Well, that's a problem IMHO...for the committer reps and for the Board. 
 Since the Foundation doesn't have any direct say over the content of 
the projects, and the projects are not very diverse (i.e. are typically 
staffed/run by a single/small number of companies) it requires something 
difficult:  actual cross-organizational coordination.  This is something 
that I as a former Board member attempted to encourage among the 
projects, to admittedly limited success.

I've been an advocate that support for 'unified identity' should 
ultimately be in at the level of the Platform...so that all bundles that 
need various services for 'unified identity'...e.g. unique ids, 
cross-namespace user identification, authentication, etc. can get them 
in a way that is consistent and not reimplement them at the middleware 
(e.g. ECF) or app level (Eclipse, Mylar) each time.

Last year, some IBM Lotus folks had some work done for user 
login/authentication using JAAS (I know it's not what you are looking 
for Eugene, but it is an important part of the identity picture for 
others), and they said they were going to donate it to EF under EPL in 
Equinox, but that apparently never happened...I don't know why.

In my opinion what should happen is that a project should exist that 
would be responsible for adding 'unified identity' services at the level 
of OSGi/Equinox/Platform.  I expect this would include cross-namespace 
user identity, authentication and authorization, trust services, use 
of/integration with JAAS for authentication and authorization, etc. 
Perhaps that project should/is/could be Higgins.  Perhaps that project 
could/should start with something as simple as the ECF ID/Namespace 
plugin/service and/or some of the things that Higgins already has 
(IDAS).  Perhaps there should be multiple organizations making 
contributions, providing resources, and supporting such a project.

Although I think ECF, Higgins, and Equinox can and should contribute to 
such a project (e.g. with our existing identity bundle/extension point), 
I don't think it can reasonably be expected to do everything here as an 
independent-run project...especially since even if we did there would be 
no guarantee of platform-level usage or integration.  This is a 
practical limitation for ECF...we just can take on only so much with our 
current level of corp membership support (none), and as important as 
'unified identity' is, it isn't the only thing we are being asked to 
provide.

Best,

Scott


>  regards,
>  Eugene
>
>
> Scott Lewis wrote:
> > Though a worthy topic, I do think this is off topic for this list as I 
> > understand it.  Might be a better topic for higgins-dev and/or ecf-dev 
> > or perhaps even equinox-dev.
> >
> > A few thoughts on identity:
> >
> > 1) It's difficult to get general agreement about how identity should 
> > be *defined*.  This is very different, IMHO, from whether/how one 
> > presents a UI for identity...e.g. managing multiple identities, 
> > associating passwords/credentials with ones identities, etc.
> >
> > 2) With ECF, we've taken the approach of creating an API for the 
> > weakest (and simplest) notion of identity that we could get away with, 
> > but is still useful within the scope of our project.  For ECF, the ID 
> > contract simply specifies *uniqueness within an associated 
> > Namespace*.  This doesn't say anything of credentials, authentication, 
> > trust or any of those other important concepts, it just allows 
> > entities (users, processes, groups) to be uniquely identified across 
> > processes. Incidently, our ID interface extends the JAAS 
> > java.security.Principal interface and so is able to be used within JAAS.
> >
> > For extensibility, we define an extension point in the 
> > org.eclipse.ecf.identity bundle to allow other bundles to implement 
> > new Namespaces (and also control the creation of IDs within their 
> > Namespace).  Comm protocol implementations define their own 
> > Namespaces...and their own interpretation of a given ID.  For certain 
> > types of communication, this gives addressability...i.e. for 
> > connecting to a server socket at a certain address, for retrieving a 
> > remote file or resource (e.g. URI), etc.
> >
> > ECF's work on identity doesn't address Eugene's desire (shared by me) 
> > for a 'unified identity' that can interoperate among Eclipse and 
> > non-Eclipse-based systems.  But we think it does provide a useful 
> > building block/starting point for building some of these other parts 
> > of unified identity...addressing of remote processes (useful for 
> > communications/ECF project), associations (with credentials, other 
> > types of identities, etc), trust establishment, identity management 
> > interfaces, etc.  Hopefully this, along with Higgins and other efforts 
> > can be used to get toward more unified identity.
> >
> > Best,
> >
> > Scott
> >
> >
> > Eugene Kuleshov wrote:
> > > Hi,
> > >
> > >  I am not sure how to address this issue and looking for advice.
> > >
> > >  In development process we usually have several identities for each 
> > > developer and each identity is managed in its own system, such as 
> > > version control systems (CVS, SVN, etc), issue tracking systems 
> > > (Bugzilla, JIRA, etc), instant messaging systems (icq, xmpp, gtalk, 
> > > yahoo, skype, etc) and regular email. In IDEs each of those those 
> > > identities is managed by its own plugin. For example in Eclipse, CVS 
> > > and SVN identities are known by team version control providers, issue 
> > > tracking systems are managed by Mylar or specialized plugins, and 
> > > instant messaging identities are managed by ECF.
> > >
> > >  As a result, we don't really have links between those identities. 
> > > For example, we can't open an entry in the CVS History, Synchronize 
> > > view or CVS annotation (aka "blame" thing) in the editor and send an 
> > > instant message to the user who committed that change (say when he 
> > > did something outstanding or if he did something terrifying) or see 
> > > if person who made comment to the bug report is online.
> > >
> > >  We need some kind of address book or roster UI and correspond 
> > > backend that would allow to manage multiple user identities and would 
> > > allow 3rd party components to interact with those identities. The 
> > > closest piece Eclipse have right now is the Roster view from ECF, but 
> > > it still quite far from supporting such feature and it is unclear if 
> > > it even in scope of the ECF project.
> > >
> > >  IBM Jazz project choose different approach to this issue. since they 
> > > built their own issue tracker, version control system and even 
> > > instant messaging system they got unified identity across all those 
> > > systems. Unfortunately in the real world we have to deal with number 
> > > of existing legacy systems.
> > >
> > >  Does anyone have thoughts on this and what is the best way to 
> > > address this need?
> > >
> > >  regards,
> > >  Eugene
> > >
> > > PS: you can also comment to my blog post at 
> > > http://jroller.com/page/eu?entry=multiple_identies