Syncope

Abstract

The following proposal is about Apache Syncope, an Open Source system for managing identities in enterprise environments, implemented in JEE technology.

Proposal

Identity management (IdM) is the joint result of business processes and IT working to manage user data on systems and applications. IdM involves considering user attributes, roles, resources and entitlements in order to give a decent answer to the question that constantly comes up in IT administrators' minds: Who has access to What, When, How, and Why?

The goal for Syncope is to become a reference implementation for Open Source Identity Management, a middleware area in which there are very few Open Source solutions available, none of them yet mature.

Current Features

  1. Identity and Role Administration
    1. Password management and Self-Service Operations
    2. Configurable Password encryption
    3. Attribute validators (Reg-Exp based and custom)
    4. Account Policy management
    5. Password Policy management
    6. Role-based provisioning
  2. Approval and Request Management
    1. End-User Request Management
    2. Approval workflow
    3. Workflow event notification
  3. Domain Integration
    1. Highly configurable communication with external resources
    2. Identity propagation towards external resources
    3. Identity synchronization from external resources (ActiveSync)
    4. Synchronization Policy Management
  4. System Administration
    2. RESTful interface
    2. Web-based AJAX administration console
    3. Role-based administration
    4. Attribute schema, Derived attribute schema and Virtual Attribute schema management
    5. Role tree management
    6. Schedulable Task execution

Background

Syncope IdM is today an Open Source project with some experience (its inception dates to about the beginning of 2010), some releases and some significant deployments, mainly in Italy and the Netherlands. It is already licensed under the Apache License 2.0.

A defined roadmap is also available.

Rationale

Identity Management is a middleware area in which only proprietary vendors (such as Sun Microsystems, Oracle, Novell, IBM and others) used to be able to provide organizations with adequate tools. Such proprietary tools were also very often built to deal with widely adopted FOSS enterprise systems such as LDAP servers (OpenLDAP, OpenDS), DBMS (MySQL, PostgreSQL) and web services.

Moreover, the considerably high license cost of these products acts as a barrier for small or non-profit organizations that would otherwise benefit from applying identity management in their infrastructure.

Current Status

Meritocracy

As some of the initial project members are existing ASF committers, we recognize the desirability of running the project as a meritocracy. We are eager to engage other members of the community and operate to the standard of meritocracy that Apache emphasizes; we believe this is the most effective method of growing our community and enabling widespread adoption.

Core Developers

In alphabetical order:

  • Dino Anzellotti <dino.anzellotti at gmail dot com>
  • Francesco Chicchiriccò <ilgrosso at apache dot org>
  • Marco Di Sabatino Di Diodoro <mdisabatinodidiodoro at gmail dot com>
  • Fabio Martelli <fabio.martelli at gmail dot com>
  • Rene Mulder <rene.mulder at gmail dot com>
  • Massimiliano Perrone <MassimilianoPerrone at gmail dot com>
  • Nicola Scendoni <scendoni at gmail dot com>
  • Simone Tripodi <simonetripodi at apache dot org>
  • Geert van der Ploeg <geertpl at gmail dot com>

Alignment

The purpose of the project is to develop and maintain a Syncope implementation that can be used together with other Apache projects in order to build an effective identity management infrastructure.

Known Risks

Orphaned Products

Syncope has already been deployed, mainly in Italy and the Netherlands; more details about these success stories are available on the Syncope website.

In addition to core developers, some people offered their contributions by occasionally providing patches, finding and reporting bugs and writing documentation.

Inexperience with Open Source

All of the committers have experience working in one or more open source projects inside and outside the ASF.

Homogeneous Developers

The initial committers are geographically distributed across Europe, with no one company being associated with a majority of the developers. Some of these initial developers are already experienced Apache committers, and all are experienced with working in distributed development communities.

Reliance on Salaried Developers

To the best of our knowledge, Tirasa is the only entity sponsoring Syncope development.

Relationships with Other Apache Products

Syncope fits naturally in the ASF because it completes a whole set of ASF projects dedicated to enterprise environments, such as Geronimo, Directory, CXF, ActiveMQ and so on.

Moreover, Syncope could complete ASF coverage of middleware technologies by adding identity management to the current ASF portfolio.

An Excessive Fascination with the Apache Brand

While the Apache Software Foundation would be a good home for the Syncope project, it already has some traction and it could live on its own. However, we see reciprocal benefits for both the ASF and the project in adopting the brand to attract more people and enlarge the user and developer communities.

Documentation

  1. The Syncope project page
  2. The Syncope project on Google Code
  3. The Syncope Wiki
  4. The public dev ML
  5. The public users ML
  6. The Syncope Issue Tracker
  7. The Syncope Continuous Integration system

Initial Source

The initial source comprises code developed on Google Code (TODO: contributed under Grant from Francesco Chicchiriccò for Syncope).

Source and Intellectual Property Submission Plan

Source code will be moved from the Google Code space into the SVN space of the podling.

External Dependencies

Build/Test time dependencies

  • Apache Maven - Apache License 2.0
  • JUnit - CPL License v1.0 - (Category B, used only in binary form)
  • H2 - dual licensed under EPL v1.0 and MPL 1.1 (Category B, used only in binary form)
  • Cargo - Apache License 2.0
  • Apache Tomcat - Apache License 2.0
  • Apache DS - Apache License 2.0

Cryptography

The project does not handle cryptography in any way other than through the standard mechanisms available at the JDK level.

Required Resources

  • Mailing lists
    • syncope-private (with moderated subscriptions)
    • syncope-dev
    • syncope-user
    • syncope-commits
  • Subversion directory
  • Website
    • Wiki (Syncope)
  • Issue Tracking
    • JIRA (SYNCOPE)
  • Continuous Integration
    • Jenkins (Syncope)

Initial Committers

Names of initial committers - in alphabetical order - with current ASF status:

  • Dino Anzellotti <dino.anzellotti at gmail dot com> (ICLA Signed)
  • Francesco Chicchiriccò <ilgrosso at apache dot org> (PMC member)
  • Maurizio Cucchiara <mcucchiara at apache dot org> (PMC member)
  • Marco Di Sabatino Di Diodoro <mdisabatinodidiodoro at gmail dot com> (ICLA Signed)
  • Colm O Heigeartaigh <coheigea at apache dot org> (ASF Member)
  • Emmanuel Lecharny <elecharny at apache dot org> (ASF Member)
  • Fabio Martelli <fabio.martelli at gmail dot com> (ICLA Signed)
  • Rene Mulder <rene.mulder at gmail dot com> (ICLA Signed)
  • Massimiliano Perrone <MassimilianoPerrone at gmail dot com> (ICLA Signed)
  • Nicola Scendoni <scendoni at gmail dot com> (ICLA Signed)
  • Simone Tripodi <simonetripodi at apache dot org> (ASF Member)
  • Geert van der Ploeg <geertpl at gmail dot com> (ICLA Signed)

Sponsors

Champion

  • Simone Tripodi <simonetripodi at apache dot org>

Nominated Mentors

  • Colm O Heigeartaigh <coheigea at apache dot org>
  • Emmanuel Lecharny <elecharny at apache dot org>
  • Simone Tripodi <simonetripodi at apache dot org>

Sponsoring Entity

  • The Apache Incubator

Other interested people (in alphabetical order)

  • TBD