From Fedora Project Wiki

FedOAuth and Ipsilon merge

This page is used to record the parts and steps needed to merge FedOAuth and Ipsilon both upstream and in Fedora Infrastructure.



The end goal of merging the projects is less duplicate effort (both FedOAuth and Ipsilon have basically the same goals, so maintaining both duplicates a lot of effort).

Target: Fedora Infrastructure

Technical things Ipsilon lacks and are required for consideration into Fedora Infra

  • Support for "real" database (SQL or NoSQL yet to be determined/flexible) [DONE]
  • Support for transaction-based system, to support multiple authentications in different tabs in the same browser [DONE]
  • OpenID with at least these extensions [DONE]:
   * Simple Registration (sreg)  [DONE]
   * Attribute Exchange (AX), including SSH and GPG key attributes  [DONE]
   * Provider Authentication Policy Extension (pape)  [DEFERRED, not used by Fedora]
   * Teams  [DONE]
   * CLA [DONE]
  • Persona (DONE]
  • Support for Fedora Account System [DONE]
  • Show info about the SP the user is signing on to (" wants you to sign in with your Fedora account") [DONE]
  • Possibility to override configuration variables from file [DONE]

Plan for migrating in Fedora Infrastructure once Ipsilon has the above things

  1. Determine if we need to go through the Request For Resources process, and if yes, follow that process No, we don't need to go through this (Discussed with Kevin Fenzi)
  2. Deploy to staging, configure, and test with all Fedora Infra apps (using rube) and some external consumers (manual)
  3. Schedule a date for migration in production

Target: other FedOAuth users

The only part that Ipsilon doesn't have that FedOAuth has is webSilvia support, but that will be added soon.

For any users of FedOAuth wanting to migrate, please get in contact with puiterwijk.