- FAS 2 as reference
- FAS 3.0 - Desktop rendering
- Move web framwork from TurboGears 1 to Pyramid
- A real endpoint API
- Better membership management/workflows
- Improved database model
- Make it more Fedora agnostic
- Bring new features
- A better administration mangement.
- A dynamic configuration management
- Social-network friendly
Groups and people visibility
- No need to log in anymore to review groups and people's profile (only public info will be disapled).
- Provide a dedicated ENDPOINT to retrive accounts' data.
- Access to this API requires a generated token that people can get from their
- profile's page.
- We will introduce some new status for workflow we wanted to manage
- on_vaction: allow contributors to set a better view of their current activity. Also usefull for Fedora-Hub
- disable: allow contributors to disable their account which will lead a complete revokation of all access on fedora system.
- People will be able to add an avatar to their profile (from a 3rd party service)
- This avatar will be available to 3rd-party which can use it in their views or more.
- Allow people to write up a bio (view-able from their profile's page).
Group 3rd-party binding
- As we (Fedora project) has a specific way of using group (i.e providing VCS access and the like)
- group will provide a way to bind its ACLs to 3rd party in order to retrieve people or to give people
- some rights to this 3rd party if its members exist from this 3rd party.
- Current target for now is:
- GitHub organization
- Admin or group's admin could bind a group to a github organization's team.
- Which, create github's team if not exist and add its members to it if its members exist on github.
- If group is VCS related, create a github's repo if not exist already and give its members commit access.
- Same as github for the workflow.
- Group's owner has been renamed to "principal Administrator" as group's admin can now
- pass along their group's ownership to another admin of the same group.
- Account's administrator can do the same.
- Introducing group's status that admin can manage to better track activities.
- inactive: no more sync in between services
- archive: access revoked
Group Membership status
- A new status on membership to better track activities.
- inactive: no more sync in between services for this member
Group Membership management
- User will be able to join a group without being sponsored.
- Group role: Admin will be able to choose what kind of role a group can provide from pre-defined one. Most of our group doesn't requrie a "sponsor" role.
- Membership requirement: user will have to proceed through different in order to get approved based on group requirement such as:
- ssh key: if group requires it. Members will receive an email/ui notification to update their profile for this group
- license agreement: same as above.
- 2x factor auth: same as above.
- Client certificate: group's admin will be able to attache a CA to a group and only members of this group will be able to get a client certificate to access target resources.
- Account's admin will have a dashboard where they could manage account related elements
- people management
- Remove an account
- Block, disable or archive account
- groups management
- Add, edit and remove groups
- Block or archive groups
- groups' types management
- license agreement management
- Add, edit and remove Licenses
- Enable license at sign-up which flag the license signing as mandatory
- private API access management
- Generate private token for trusted applications
- people management
- A new page where people can review their account's activities with datetime, events and locations.
- Allow people to connect their github account and share their public infos with Fedora services.
- Allow people to connect their twitter account and share their public infos with Fedora service. Enabling twitting fedora info on request.
2 factors authentication
This 2 factors auth will be required from every login request (web app including) which mean, if user active it, and want to log in to mediawiki, they will have to enter both login+password then 2nd factor.
- Gauth token or FreeOTP?
- Optional 2nd auth wihch once activated, will ask people after entered a valid login+password
- their Gauth token to let them in.
- This one will not be added as a 2nd auth but as a combo with the login and password (i.e login+password+otp)
- (as discussed last flock-2014).
- Fido U2F (TBD)
- Requires a FIDO key and a chrome browser.
- a plugins for firefox should come out soon though.
- Add another users & groups dict by Changing SQL backend to LDAP's for groups and people management.
- Demo instance:
- URL: http://fas3-dev.fedorainfracloud.org (poke me on IRC #fedora-apps if page is blanc)
- login: jbezorg
- pass: jbezorg
Features (Not up-to-date)
- Group Management [demo video]
- People profile's page
- Login failure
- Admin dashboard