OSSI Kickoff material (F2F Berlin)
F2F Goals:
Task I. Complete a public directory of Open Source identity products in the scope of KI
1. Overview
a. Define material for studies
List technologies and associated specifications
- SAML
- OpenID
- OAuth
- UMA
- WS-Trust
- ID-WSF
- XACML PDP
- XACML PEP
- Privacy policy definition (P3P documents, XACML, WS-Policy)
- Generic tools (XML, DTD, namespaces, HTTP server/Client, X509, Cryptography)
- XML Security (XML signature, encryption, WS-Security)
- Identity backends (LDAP, DB, text files), provisionning (SPML) and synchronization (meta-directories)
For open specifications, which IPR.
List existing certifications of specification implementations
Structure the whole picture with categories and products
- Personnal Web SSO and attribute sharing (OpenId)
- Authentication delegation, certified personal data and access delegation to trusted services (SAML, IDWSF)
- Personal data management and access delegation to personal services (OpenID, OAUTH, UMA)
- Identity Providers (may be SAML, openID, STS)
- Identity selectors, claims-agent, Identity-in the-cloud agent, Identity-in-the-browser, etc.
- Libraries implementing a specification.
Define characteristics for evaluation (produce evaluation matrix)
- e.g. SAML: IdP/SP/ECP, then SSO/SLO/etc.
- e.g. Identity Selector: User terminal/in the cloud
b. Study open source software and complete a review
- Introduced and discussed software on the mailing list
- Interested partie are invited to register and take part to the discussion
- We will limit the studies to few weeks in duration (no testing)
- We will attempt to categorize the software
- Check functionalities
- Check open specifications implementation
- Check for certification
- Approval by vote of the group members
- Publish a note for each software in the public directory
- Announce the publication on the maling list
- Online comments and ratings
- Allow WG members to add comments and ratings to each software note
2. OSSIWG Milestones & immediate Deliverables :
- Vote to accept this work
- Setup a wiki space for this task
- Define the categories and existing open specifications and certifications
- Make a non-exhaustive list candidate software
- Setup the directory on the wiki (template for notes, functions to add comments and ratings...)
- Advertise the beginning of the effort; recruit participants
- Begin the survey: Objective 1-2 products per month
Task II. Open source general knowledge survey
Conduct an annual survey within the community as to their feelings about open source, free software and OSSIWG initiatives
1. Overview
a. Sample questionnaire
General FAQs :
- Do you think that there is a difference between open source and free software?
- Have you ever heard about copyleft?
- Have you already heard about software license that provide "contamination"?
- Have you already heard about "prophylaxis" concerning a software?
- Do you know the name Apache License?
- Do you know the Apache license in the sense that you know how you can develop with an existing software with that license?
- Do you know the name MIT License?
- Do you know the MIT license in the sense that you know how you can develop with an existing software with that license?
- Do you know the name BSD License?
- Do you know the BSD license in the sense that you know how you can develop with an existing software with that license?
- Do you know the name GNU GPL License?
- Do you know the GNU GPL license in the sense that you know how you can develop with an existing software with that license?Do you know the difference between GPL and AGPL license?
Questions to businesses with open source and free software :
- Do you work for a company that edit softwares?
- Does you company practice paying license software?
- Does you company has open source software?
If yes, which license? - According to you, why could be the main reason for a company to do open source?
- Promote a technology and its adoption
- Transparency/benefit on user trustworthiness
- Prove the quality of the code
- Improve the company ecosystem
- Contributing to common wealth
- Other reasons
- Do you think that exists a business model for companies doing only open source software?
- Have you ever bought a software license?
- Did you pay for its use only in mind?
- Or, did you pay for the bug corrections/updates?
- Did you pay thinking that you had no other choice?
- Do you think that, for the same functionalities, a paying license software is more secure that an open source software ?
- Do you think that main free software are as well maintained as software with paying license (bugs are regularly corrected, functionalities are added, etc.)?
- Do you think that, to maintain a software, it is more interesting to contract directly with a free software maintainer than to pay a license software?
Identity products :
- Have you ever used an open source product for identity management?
- Would you go in production with an open source product for identity management?
- Among these technologies, which, according to you, are missing open sources implementations?
- Cryptography
- HTTP server/Client
- XML, DTD, namespaces
- XML signature or encryption
- WS-Security
- SAML
- OpenID
- OAuth
- UMA
- WS-Trust
- ID-WSF
- X509
- Identity selectors, claims-agent, Identity-in the-cloud agent, etc.
- XACML PDP
- XACML PEP
- Access control policy definition (allowing definition of WS-policy or XACML documents)
- Privacy policy definition (allowing definition of P3P documents)
- LDAP directories
- LDAP meta-directoty/synchronization
- Identity backends (LDAP, DB, text files) synchronization
- SPML
- For each categories, ask if the products in the directory are known.
About OSSIWG :
- Did you know this WG before you were asked to answer this survey?
If yes, are you a WG member?
If not, do you plan to register?
If not, do you plan to register?
If yes, have you read public production of the OSSIWG? - Do you think that Kantara Initiative is a relevant actor to publish some works about open source software?
2. OSSIWG Milestones & immediate Deliverables :
- Vote to accept this work
- Setup a wiki space for this task
- Define a generic questionnaire
- Define the targets: KI members only, more.
- Adapt the questionnaire if necessary
- Define if it is an open questionnaire or if we should distribute tickets
- Define the vote duration (2 or 3 weeks)
- Accept the questionnaire by vote
- Publish the questionnaire and set up the vote
- Advertise the vote
- Analyze results
Task III. Web content publishing around open source
1. Overview :
- Publish news of the OSSIWG
- Provide general explanations and pointers on the main references of opensource (open source licence directories, etc.)
- Periodic highlights from articles about open source (Blog?)
- Move toward a webzine, with a reviewing committee that publishes works related to open source software, with special issues (e.g. a new tech, green IT, etc.)
2. OSSIWG Milestones & immediate Deliverables :
- Vote to accept this task
- Setup a wiki space for this task
- Define the objectives
- Define the content and structure
- Define the web page navigation (plan how the articles will be highlighted)
- Create the guide: redaction/review 3/4 iterations
- WG approval of the guide
- Publish online
- Form a reviewing committee
- Call for papers
- Publish papers ad hoc
- Make special issues
Task IV. Advertise standards/specs in the scope of Kantara to open source communities
1. Overview :
- Coordinate with other workgroups
- Provide news to communities: linuxfr.org, etc.
- Participate to open source and free software events: FOSDEM, RMLL, Solutions Linux, JDLL, etc.
2. OSSIWG Milestones & immediate Deliverables :
- Vote to accept this task
- Setup a wiki space for this task
- Define a list of objectives
- Maintain list of specs to advertize (Follow the KI WG mail lists)
- Advertize