This page contains topics supporting ongoing discussion at dev@syncope.apache.org.
Compared to 2.1, a major architectural refactoring is proposed, with the following objectives:
- introduce a new, flexible UI for web access (Weblogin), which will replace the existing login forms for Admin Console and Enduser UI - more details
- introduce a new component (APIGW), which will provide API gateway features - more details
- introduce a new component (Keymaster) with purpose of coordinating all the other components, centralizing common configuration required by all domains; this will allow to go beyond the current multi-tenancy approach which requires a pre-existing Master domain and the need to handle off-line each domain's configuration
- split the existing features set into three subsets, so that any given deployment will pick only what required:
- idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects
- idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources
- am - the authentication and authorization features - mostly to build on top of existing libraries
Discussion items
- CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile
- It is hard to imagine how the GUI installer can cope with such complexity; proposal is to remove it as well
- Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console
- Keymaster shall be based on existing Open Source products as Apache Zookeper or Consul
- whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on
- Spring Boot
- PRO
- easy to migrate (being the current code Spring-based)
- widely adopted (status quo)
- can be easily converted to WAR, allowing traditional deployment in existing environments
- CONS
- not real microservice, mostly an embedded Tomcat
- PRO
- Eclipse Microprofile
- PRO
- promising approach, lot of rumors and buzz around
- microservice native
- CONS
- major rewrite needed in case Spring and / or CXF cannot be re-used
- different implementations available, not as stable and widespread as their Java EE counterparts
- PRO
- Spring Boot