A Few Odds and EndsOk, a couple of other OpenQabal tidbits before bed:
- You can now follow OpenQabal on Facebook
- You can now follow OpenQabal on Twitter
- OpenQabal made it into the top twenty list for open-source social software!
A Few Odds and EndsOk, a couple of other OpenQabal tidbits before bed:
Latest OpenQabal News
I'm sure most everyone is assuming that OpenQabal is dead. That would be a reasonable assumption given the lack of activity on my part for the past while. And it may even be true, for a certain value of "dead" and a certain value of "OpenQabal." Certainly since the last time I was heavily engaged in this project, the world around us has changed, and context and assumptions have changed. To everyone who wanted a decentralized, federated, open-source social-networking platform 2 years ago, I apologize... I let myself get distracted by other concerns and let this languish.This is doubly sad given the recent burst of interest in that very space (see: Diaspora), after the Facebook's Gone Rogue bit; but things are what they are and there's no use crying over spilt milk. So, the future then... As I said almost a year ago, the goal - in my mind - had already changed to being more about APIs for building "social applications." I believe that is still the case, and that is still the direction that I'll be pursuing with code I write in the near future. There is another subtle (or not so subtle) shift in focus as well... More than before, my intent is to focus on APIs, interfaces and tools for building socially aware applications in an enterprise context. As much as I hate buzzwords and labels, I'd say the goal is a Enterprise 2.0 suite. As my current interests have moved heavily in the area of social ranking / voting, collaborative filtering, tagging, etc., I've started coding up a front-end to work with those techniques. As that evolves, some of the same APIs that were part of the OpenQabal vision 2 years ago will begin to evolve again. Some new things may appear, some old things may get dropped, as I explore some ideas about how all of this will work. At any rate, there *will* be new work coming out of the OpenQabal project, it just might not be what anybody thought it would be before. Some things I know I'll be doing:
Is OpenQabal dead?A few emails have shown up in my inbox over the past month or two, which I've been sadly negligent in replying too. If you sent one of them, I will reply to you directly in short order, but I did want to post a quick update here. The question lately has been: "What's going on with OpenQabal? Is the project (dead|inactive|stalled|etc) or alive?" The short answer is, the project IS still alive. For some value of "alive" anyway. This project has not received much attention from me lately, for a variety of reasons. Late last year I was involved in a political campaign, and that bled over into the holiday season, and I basically said "I'll work on it after the beginning of the year." Then January came and went, and my passion for hacking code in my every spare hour got pushed aside for some other interests for a while. But at no point did I decide to drop this project, and I fully expect some work to resume shortly. Of course my life just keeps getting more complicated, as I'm currently in the middle of starting a new IT consulting and custom development shop: Fogbeam Labs. The bad news about that is, it takes time and cycles that I could be spending on OpenQabal. The good part is, if things work out well and I prove I can support myself consulting, I should (in theory) have more freedom to dedicate some time to OQ, unlike when I was doing the "40 hours a week for The Man" job. One point of interest though: The focus of OpenQabal might change. After a very enlightening discussion a few weeks ago - with a friend who's opinions I respect greatly - I'm thinking that OpenQabal should probably drop most of the directly user facing "stuff" (for now at least) and focus on become a set of enabling APIs for building social applications. Of course those APIs were always part of the plan, but what I was trying to build was the APIs and a default suite of applications to use them, all at the same time. And since this is still mostly a one-person project, it's proving somewhat overwhelming. So, the net-net is: OpenQabal is still alive, but the focus may be changing, and the roadmap along with it. And I can't make any specific promises at the moment about what will be done when. Unless you want to hire Fogbeam Labs to do some OpenQabal work, that is. :-) Also, to the couple of folks who have asked "I want to use OpenQabal in a production site, can I?" The answer is a qualified "maybe." The blogging and forums stuff works fairly well, since it's all based on existing code from established projects. And SSO between the Roller App and the JavaBB App using CAS works fairly well. The last thing I was looking into before things got stalled out was how to make CAS into an OpenID Relying Party so one could sign in using OpenID and still get SSO between apps. That may get dropped for now, once work resumes however.
Some Notes on Identity Management in OpenQabalSome quick notes on what's going on with the Identity related stuff in OQ. Not necessarily in order: 1. One of the key concepts in OQ is the notion of federated identity... that is, an identity associated with one install of OQ should be "usable" from another install, where "usable" might mean "user at Site A can list user at Site B as a friend" or it might mean "user from Site B can login at Site A" or it might mean both, or it might mean neither. 2. That said, part of the idea of OQ, at any given install, is to be a sort of "social operating system" that enables application integration based on "social" technologies (the social graph, social ranking/voting, etc). 3. The use cases around (2) above are where some actual work has been done, and stuff works. We currently integrate apps running in the same domain by using JA-SIG CAS, with the authentication backend being our own simplistic IdM system (refered to as the IdentityEngine). 4. At one time it seemed to make sense to have the IdentityEngine project there to act as a mediator / bridge to possible other existing enterprise IdM systems. In retrospect, I'm no longer sure that adds much value. 5. It's entirely possible that a better approach would be to rip out the existing OQ IdM 'stuff' and just plop in Sun's OpenSSO / OpenFederation / OpenDS / OpenPTK stack. I'm doing some research on that point at this very moment, while also continuing to work on the existing OQ stuff based on CAS and the IdentityEngine. 6. Part of the point in rolling out this initial, somewhat naive, built-in IdM was to give us a test platform to experiment with issues around (1) above. To that point, I've been working on the possibility of making CAS an OpenID Relying Party, so that a user can login to OQ through OpenID and get the full CAS SSO experience. 7. Much research still needs to be done to sort out the best approach(es) to handling (1) above. OpenID may well be part of that solution, along with OAuth, but don't hold me to that. SAML, WS-Federation and some of the Liberty Alliance stuff may also be useful. Still need to do more research there. 8. What works now is this: SSO using CAS, successfully integrates Roller, JavaBB and our "User Console" app. Roller has a mechanism for fully externalizing user management, so it's not technically required to provision a new user into the Roller user table, although that code is still in place at the moment. JavaBB, on the other hand, does not (yet) have that ability, so when we create a new user, we have to populate the JavaBB user table. 9. One of the big things I want to determine is "what are the implicatiosn for user provisioning, when using an external authentication source like OpenID?" See comment (6) above. Getting that done will enable some experimenting around how this will work in principle. 10. User provisioning with SPML is also of interest. 11. The IdentityEngine exposes remote interfaces using EJB3 SLSBs, this is used by our implementation of the pluggable UserManager in Roller (there are use cases which require exposing APIs like "get list of users" and "get user by name" etc. In addition, we have to be able to authenticate "out of band" to enable authentication for the MetaweblogAPI interface (and presumably APP as well). 12. Another point that has not been addressed at all is two-factor (or multi-factor in general) authentication. If anything else comes to mind, I'll make a follow up post. Please send other questions to the dev@ mailing-list...
Finally back to work on OpenQabalSo after a rather long hiatus - due mainly to a political campaign - we're finally getting back to work on OpenQabal here. Of course our old road-map is now shot to heck, so it's going to take a while to sit down and put together a new plan and get some momentum going again. But I can say that a lot of work has been done the past week. Some of the needed work done includes: swapping all of the EJB2 SLSBs that were in place for remoting with EJB3 SLSB's instead, plugging in some of the JMS event messaging code that had been planned (and prototyped like 2 years ago!), renaming some modules, some serious refactoring in the IdentityEngine project, and - last but not least - getting the CruiseControl build-loop all sorted out so that everything builds continuously again. So what's next in the short-term? Some or all of the following:
So, what's going on with OpenQabal anyway?Anyone following the OpenQabal project may be wondering: "What the heck is going on? No recent commits to SVN, no blog posts... what's up, is this dead or what?" Well, the answer is "No, the project is hardly dead." It has been on something of a hiatus however, as the main developer is currently running a campaign for NC Lieutenant Governor and has been a touch occupied the past month or two. Rest assured though, that things will get back to normal. I'm hoping to get some work done this weekend, and once the election is over, the pace should pick up again. Unfortunately the old road-map is totally hosed now, at least as far as schedule goes, so that will need to be re-worked. In the meantime, feel free to grab the code, experiment, research, submit proposals, patches, etc. And definitely email me with any questions or concerns.
OpenQabal 0.0.3 availableOpenQabal 0.0.3 has been released and is now available from the SVN repo. As with previous releases, there are not yet pre-built binary releases available... you will have to check the code out from SVN and build it. Thankfully this process is now *much* easier as a result of massive work on the build system and the addition of scripts to automate most of the tedious stuff. You can now essentially build and install OpenQabal with 4 commands. Changes in this release include:
2 more tasks until OpenQabal 0.0.3 can be releasedFinally getting closer and closer to getting this OpenQabal release out. The last two tasks to do are: A. verify the new SQL which includes a "seed" admin user, and B. make the install/config/uninstall scripts and any utility scripts working on Windows. Most of that stuff is in Ruby so it should be pretty portable, but there are some Bash scripts which will need equivalents written as DOS batch files. Ugh. Still, this stuff should be done soon, maybe tonight, which means the release should happen in the next day or two. In other news, I've started working on getting setup with Amazon EC2, in order to host a "demo" instance of OpenQabal. And after that, I think I need to go on holiday for a while. :-)
OpenQabal UpdateOk, the new OpenQabal release that was mentioned a few weeks ago is *finally* eminent. No really, it's coming soon. The big hold-up turned out to be a bit of Roller integration that had been overlooked. Getting single-sign-on and integration with the centralized identity stuff working using Acegi and CAS takes care of web access; and that stuff has been in place for a while now. But at some point we realized that API access for posting new blog entries also needed to be wired into the new authentication stuff. And that's a whole new can of worms. Basically, deciding to implement that in this release meant moving forward with implementing an initial version of what we're calling the IdentityEngine, which will eventually be the centralized source for all things identity, vis-a-vis OpenQabal. Even for OpenID logins or other logins using an external authentication provider, OpenQabal has to keep track of that that that such-and-such identity exists, and map it to resources, etc. So getting this piece in place was kind of a big deal, even if this first cut at it is fairly naive. Anyway, with that in place and API access now working, the last things left to do before a release are basically all "fit and polish" work. Clean up some loose ends here and there, more testing, tweaking the SQL scripts and the install scripts. Oh, and the install stuff needs to be tested on Windows and any relevant tweaks made. At any rate, if things go well, look for the new release maybe this weekend, or early next week.
Update on my Data Portability presentation @ "Refresh The Triangle"So apparently there was some miscommunication or whatever, and I'm not going to be presenting at this month's Refresh The Triangle after all. I am, however, now officially "on the hook" to present a talk on Data Portability at the September "Refresh" meeting. The actual date will be Thursday, Sept. 25, 2008. Location TBD, as far as I know. Check the Refresh website for more details.
Keep up with the latest Advogato features by reading the Advogato status blog.