mace-opensaml-users - Re: Stability of source tree
Subject: OpenSAML user discussion
List archive
- From: Bradley Beddoes <>
- To: Scott Cantor <>
- Cc:
- Subject: Re: Stability of source tree
- Date: Mon, 28 Aug 2006 23:09:17 +1000
Hi Scott,
Scott Cantor wrote:
Essentially there are several pieces of the 2.0 spec that would be very useful in the design of this project as it currently stands but I note that the code repository clearly states that it should not be used in production systems.
That's a necessary caution to discourage use by people who aren't equipped
to handle less than complete documentation, bugs, API changes, etc.
It's also not really in a state for people who are complete novices to XML,
the language environment, etc. to deal with it. We don't have time to go
overboard helping people deal with basic things until we ship, so the
warning helps limit use until then.
More then understand, we have similar problems with people here expecting production quality support for in development code bases.
Timelines for starting work on this project in a technical sense are within the next month to two months with completion by early 2007.
You're on about the same timeline Shibboleth is, so the code has to be
stable by then. But a lot of APIs aren't even started yet, and probably
won't be locked down until late in the Shibboleth development cycle.
We also are used to being the only large scale users. If other projects use
the code, I expect other problems might come to light that we can address.
Would be more then happy to feed back any issues we locate with patches or advisories.
Could you please advise if the code (both Java and C++) is stable enough for usage now or if not how stability plans may fit in with my timelines. Should it prove to not be a happy fit we will have to look at using the 1.1 compliant opensaml code.
I think most of what's there works, and most of it is pretty API stable. But
virtually all higher level binding and profile work is completely TBD. We do
have a lot of cryptographic support in core now, stuff that used to be all
in Shibboleth. That makes the library itself more useful.
The cryptographic stuff will be very helpful on what is a tight time line already here.
I tend to let build docs and other C++ niceties lag for the simple reason
that virtually nobody else uses that code. It makes it possible for me to be
lazy about things when I'm the only user. If somebody is actually using it,
that tends to motivate me more. But I don't have the time until Shibboleth
is farther along to really get the build documented properly for novices. At
least now there are complete API docs available though, and a lot more unit
tests.
No problems, we may even be able to contribute some of this documentation as we get into using the library further, for now it looks like the negatives associated with not going SAML 2 will out weigh the risks of using this library so you guys can probably expect to hear some more from me over the coming months. Thanks for your input thus far.
regards,
Bradley
-- Scott
- Stability of source tree, Bradley Beddoes, 08/27/2006
- RE: Stability of source tree, Scott Cantor, 08/27/2006
- Re: Stability of source tree, Bradley Beddoes, 08/28/2006
- Re: Stability of source tree, Chad la Joie, 08/28/2006
- Re: Stability of source tree, Bradley Beddoes, 08/28/2006
- RE: Stability of source tree, Scott Cantor, 08/27/2006
Archive powered by MHonArc 2.6.16.