Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2017-04-03

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
07:19 aldaris joined #openam
07:26 aldaris Good morning folks
07:27 asyd morning
08:44 KermitTheFragger joined #openam
11:06 KermitTheFragger aldaris: is today going to be the big day or tomorrow? ;-)
11:06 aldaris I don't know when the announcement will be made
11:07 aldaris it's an above my paygrade kind of thing
11:07 KermitTheFragger ;-)
11:23 MegaMatt joined #openam
12:35 aldaris joined #openam
13:16 gbuxton1 joined #openam
13:16 gbuxton1 left #openam
13:48 gbuxton1 joined #openam
13:48 gbuxton1 left #openam
13:50 KermitTheFragger jjpp: https://github.com/ForgeRock/openam-community-edition-11.0.3
13:50 KermitTheFragger jjpp: oops; meant this link: https://forgerock.org/
13:51 jjpp the first is interesting as well, i guess >(
13:51 jjpp :)
13:53 KermitTheFragger jjpp: i guess we should wait for some sort of announcement but what is weird is that all the version are rather old
13:54 jjpp that is true and weird. perhaps something newer is revealed after The Announcment :)
13:56 KermitTheFragger yeah lets wait and see how this plays out
13:56 MegaMatt I don’t think an announcement would change anything…
13:56 jjpp hm, so.. what about public versions of 13?
13:57 MegaMatt It’s on backstage, I believe
13:57 MegaMatt https://backstage.forgerock.com/downloads/OpenAM/OpenAM%20Enterprise/13.0.0/OpenAM%2013#list
13:58 MegaMatt I didn’t sign in to see if I can download it or not
13:59 KermitTheFragger maybe the community versions will be based on older releases
13:59 MegaMatt Yep
13:59 KermitTheFragger which is kinda hard to imagine since people will probably use those for evaluating
13:59 MegaMatt No, there’s an evaluation version
13:59 KermitTheFragger yeah but still
14:00 KermitTheFragger a product "experience" will start around the community version
14:00 MegaMatt I would imagine people would evaluate using the evaluation version, not a community verison
14:01 KermitTheFragger creating a crippled version of your own product and let a kind of culture / experience to exist around an old version of your own product seems rather dumb...
14:01 MegaMatt What’s crippled?
14:01 KermitTheFragger that would be almost like doing what MS tried to do with Java (shipping older versions and not updating) to yourself....
14:02 KermitTheFragger 2 versions behind crippled
14:02 MegaMatt That’s not the evaluation release, that’s a community release
14:02 KermitTheFragger yeah sure but people will also use the community version
14:02 MegaMatt Sure, that’s their perogative
14:02 KermitTheFragger and those people will talk about it, maybe create plugins for it
14:03 KermitTheFragger sure they can do whatever they want with their code and company
14:04 MegaMatt But if they want to use the new features, then they should buy the product…
14:04 aldaris or wait ~3 years..
14:05 MegaMatt So that there can continue to be new features made…
14:06 KermitTheFragger i don't think it works that way in people their minds
14:06 KermitTheFragger i think it would be the same if Coca cola created a budget version of coco cola
14:06 KermitTheFragger that would damage the brand as a whole
14:07 MegaMatt You’re assuming people would evaluate on a version that isn’t an evaluation version…
14:08 MegaMatt It’s like if I gave you a glass of coca-cola and said try this — and you were like, nah, I’ll just drink this 3 year old soda instead, I don’t need carbination…
14:09 KermitTheFragger and do you think such a budget version of coca cola wouldn't damage the entire coca cola brand? People would be able to separate that in their minds?
14:09 aldaris sadly what I think does not make a difference on the situation :(
14:11 MegaMatt I’m personally not too worried, I think people will realize the difference between the latest and greatest and an old version
14:12 KermitTheFragger I know somebody who worked for Mars who had this story about a manager who came to inspect a plant who found some trivial quality problem
14:13 KermitTheFragger he stopped production and threw away a massive batch just because they were afraid of their product experience would be a fraction sub-par
14:13 KermitTheFragger rationally people might know the difference, but it will delude your product experience as a whole
14:14 KermitTheFragger somebody cursing about bugs in the community edition will cause negative exposure for your brand and people won't dig deeper
14:15 KermitTheFragger if some guy with an community edition gets hacked the headline will read: "guy with a fully updated OpenAM instance got hacked"
14:15 MegaMatt Maybe, .. Personally I don’t agree with you - but I suppose these are all risks that people were willing to take
14:15 aldaris the security patch thing is a long standing issue, but lots not dwelve into that for now
14:16 MegaMatt I didn’t make any decisions myself either… but I understand the approach that is being taken, and I think it’s a good one
14:16 aldaris the only thing that makes this slightly better is that 11.0.3 is at least a patched, more stable version of OpenAM
14:16 MegaMatt I guess the alternative would be to remove the community edition completely..
14:16 aldaris certainly better than 11.0.0
14:16 aldaris additionally 11.0.3 does have a few security fixes in it, but clearly not all of them…
14:17 MegaMatt But yeah, that’s another good point — your point about old versions people complain about and it degrades the brand — that could have happened with the old model too, since people had old versions and didn’t upgrade or patch… etc..
14:18 KermitTheFragger MegaMatt: true, thats why I never understood the old model ;-)
14:18 KermitTheFragger usually a community / enterprise version split means extra features in the enterprise version.
14:18 MegaMatt which is esentially what this is.. the new versions have more features
14:19 KermitTheFragger hmm i disagree because 11.0.3 is not even "secure" in the sense that all security issues are addressed
14:20 aldaris it is more secure than 11.0.0, that's all there is
14:21 KermitTheFragger thats sounds a bit like 5 holes in your body is better then 7 ;-)
14:21 MegaMatt Well, can’t the community fix the remaining holes via a pr?
14:22 KermitTheFragger dunno
14:22 aldaris I'm not trying to defend it, I'm just trying to look at this positively, which is rather difficult to be frank
14:22 MegaMatt I’m not really trying to defend it either, .. but personally I like the move
14:22 MegaMatt So just trying to have a discussion
14:23 aldaris I'm happy to disagree with you ;)
14:23 KermitTheFragger I understand. Also I know forgerock doesn't owe me anything. So i'm just voicing my 2 cents :-)
14:23 MegaMatt I might not be a total fan of the execution
14:23 jjpp hm. we have just almost completed upgrade to openam13. with last week of prelive tests going on.. related systems have partly already been updated to new apis and stuff.. that puts us into a weird situation, to say the least..
14:23 MegaMatt But overall, I get it
14:23 KermitTheFragger so as an advocate of the devil;
14:23 MegaMatt jjpp, you can keep using 13, afaik
14:23 KermitTheFragger why would i use the 11 community edition instead of using for example gluu?
14:24 KermitTheFragger or create a community fork of the latest master (13.5-ish) openam?
14:24 aldaris you can do either
14:24 MegaMatt Go for it, imo
14:24 jjpp MegaMatt: of course, i have the cddl source. :)
14:24 aldaris I tried to use gluu, didn't work out for me personally, but I certainly didn't try it too much
14:25 KermitTheFragger yeah I understand that :-) im just wondering what the point of OpenAM 11 community edition is
14:25 jjpp KermitTheFragger: is the latest master available, now_
14:25 MegaMatt I think it’s just the starting point
14:25 MegaMatt For the community edition
14:25 aldaris jjpp, hold onto it then, building the openam-public repository is a bit of a challenge at the moment
14:25 KermitTheFragger MegaMatt: so why would the community use openam 11 instead of 13 master?
14:26 KermitTheFragger or the 13 snapshot
14:26 jjpp aldaris: yeah, I had to set up a new build job a few weeks ago. figured out that i can clone local maven cache even before the idea was added to forum..
14:26 MegaMatt Because it has less features
14:26 aldaris The latest publicly available OpenAM source code is here: https://github.com/aldaris/openam this is all before openam-public repo was introduced and reset to 13.0.0
14:26 MegaMatt So there’s more to distinguish between 11.0.3 and 5 (14.0)
14:27 jjpp aldaris: hm, thanks for the pointer. should go and check if there is any relevant patches copared to what we have.
14:27 KermitTheFragger MegaMatt: I understand why the community edition is 11 from forgerock's perspective. However I'm trying to see why I should use it instead of Gluu or forking of 13 / 13.5-ish
14:28 MegaMatt You wouldn’t use that over 13
14:28 MegaMatt But I don’t think you’re the target for the change
14:28 MegaMatt You’d still want to use 5.0 instead of 13 or 13.5
14:29 MegaMatt And then eventually the community version will become 13.x
14:29 KermitTheFragger if I was an enterprise customer with deep pockets, then yes
14:30 MegaMatt I mean, even if you weren’t - you’ll still WANT to use 5.0
14:31 KermitTheFragger sure
14:33 KermitTheFragger but with the 11.X community model it becomes more favorable for me to move away from the Open* products as a whole
14:34 MegaMatt Because you feel you have to use 11.x community instead of 13.x?
14:34 KermitTheFragger no because getting somewhere with it will be hard
14:34 KermitTheFragger patching my own 13.X branch was perfectly doable
14:34 MegaMatt and you could still do that, ...
14:35 KermitTheFragger but maintaining 11.x will be hard
14:35 KermitTheFragger yeah but newer releases are not going to be opensourced so I don't have a problem now
14:35 KermitTheFragger but I will have a problem when compatibly becomes an issue
14:35 KermitTheFragger I can never maintain that on my own
14:36 KermitTheFragger I highly doubt pull requests will be accepted for OpenAM 11
14:36 aldaris that's why a community must form itself for any of this to be borderline successful
14:36 aldaris I have no idea about the PRs to be frank
14:36 KermitTheFragger so what would happen of after a source drop of OpenAM 13 after a couple of years if community 11 has drifted
14:36 aldaris not sure if there will be anyone assigned to reviewing them
14:37 KermitTheFragger there is no easy way of merging that
14:37 KermitTheFragger maintaining 2 separate source bases is basically a fork
14:37 MegaMatt Then it would be up to the community really, I guess
14:37 KermitTheFragger so then we come back to the point there is no incentive to start from 11 instead of 13
14:38 KermitTheFragger because after a couple of years no one will probably be able to merge the changes of a 2 year newer OpenAM in a heavily modified base
14:38 KermitTheFragger which is 2 years older and has 2 years of different history
14:43 MegaMatt Sure, I agree with that
14:43 MegaMatt So don’t use the community version…
14:43 MegaMatt Use 13.x or 5.0
14:44 KermitTheFragger well 5.0 is not going to be opensource so for me thats out of the question
14:44 MegaMatt Slam your sales rep with calls demanding that they give you 5.0 for stupid cheap money.. :D
14:46 KermitTheFragger well thats not goint to happen ;-)
14:47 aldaris if you are a saml only shop, you could try shibboleth
14:48 KermitTheFragger i don't think I was a bad investment for FR. I was always a fan of their products and always told my friends about it. They even dragged me along to the FR Summit in Amsterdam because of that
14:49 KermitTheFragger aldaris: thanks for the suggestion. I think for a small shop keycloack might be a better fit, easy to setup.
14:49 aldaris haven't tried it yet, but heard it a few times already
14:54 KermitTheFragger there is also the WSO2 thing btw ( http://wso2.com/identity-and-access-management ). Never tried that
14:56 asyd the last time I tried IAM from wso2 it was a joke
14:56 asyd it was few years ago ok but no way to use  xml files to add SP, etc. I hope things changed a lot since
17:07 aldaris joined #openam
18:00 MegaMatt joined #openam
18:49 KermitTheFragger joined #openam
18:50 KermitTheFragger left #openam
19:39 jjpp aldaris: about authenticate and not being able to crosstalk to the node that handles the authentication.. I thought that in case of session upgrade, if the owner of the old session is some other node, it will still work. is that the case or will it be broken as well_
19:57 KermitTheFragger joined #openam
20:51 jjpp hm, seems so. AuthUtils uses AuthD.getSession(SessionID) which assumes that the session is local, if i understand it correctly. or perhaps it should be cached forcibly before, somehow_
21:16 jelmd anyone ever tried https://github.com/apereo/cas ?
21:19 jjpp I think we evaluated CAS at some point. Can't remember if it was the same project that ended up with installing openam or something else.
21:20 jjpp it is quite old, btw: https://en.wikipedia.org/wiki/Central_Authentication_Service
21:21 jelmd hmmm. old as “established”/“widely used” ?
21:23 * jelmd was actually waiting for a new openam branch, to start eval, but since this seems to be a dead end/waste of time, I’ll try to avoid looking at FR stuff.
21:28 jjpp yeah, i believe it is kind of established. i don't know about the wide use. then again, most of the world's population doesn't know about openam either :)
21:28 jelmd or opendj ;-)
21:30 jjpp yeah.

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary