From bbfd3a1989a174caa23fa6ff80ba46f6e9978377 Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Fri, 4 Mar 2016 10:30:17 -0800 Subject: [PATCH 1/2] Documentation: update roadmap for 0.4 release cycle --- Documentation/roadmap.md | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/Documentation/roadmap.md b/Documentation/roadmap.md index b49553a8..f49bffac 100644 --- a/Documentation/roadmap.md +++ b/Documentation/roadmap.md @@ -1,17 +1,39 @@ -# dex Roadmap +# dex 0.4 Roadmap -Here's some of the things that are priorities for the folks working on dex here at CoreOS. +These are the roadmap items for the dex team over the 0.4 release cycle (in no particular order). -## OpenID Connect Client Self-Registation (Issue #186, PR #267) +## Groups -Having clients be able to [register themselves](https://openid.net/specs/openid-connect-registration-1_0.html) and manage their own secrets and metadata will be extremely helpful in bootstrapping situations. +Start work on groups. -## Refresh Tokens (Issue #261) +* Add groups (#175) -We currently have refresh tokens implemented as per the OpenID Connect core spec, but we have no way to revoke them. We will probably implement the [OAuth2 token revocation spec](https://tools.ietf.org/html/rfc7009) and/or a UI for revocation. +## Refresh tokens -## Groups (Issue #175) +Finish work on refresh token revocation. -We want to add support to dex for managing and querying groups of users. The idea is that this will serve as the building blocks for creating authorization systems which use dex. [The proposal](https://docs.google.com/document/d/1OCKW-8rBCngBFWMMrSGokKqWt-a8lg3WvfrejcETBMA/edit#heading=h.9kkruegwavaf) is mostly settled but still should be considered a Work in Progress. +* API endpoints for revoking refresh tokens (#261) +## dexctl rework +Deprecating dexctl’s --db-url flag. Achieve feature parity between existing commands and the bootstrapping API, then have all dexctl actions go through that. + +* Overarching issue of deprecating --db-url flag (#298) +* Add client registration to bootstrapping API (#326) +* Set connector configs through bootstrapping API (#360) + +## Review UX + +Review the current UX around registration, login, invite emails, etc. and present assets to the CoreOS design team for feedback. + +* Easier registration on first login (#310) +* Not correctly handling expired tokens (#355) +* Draft website wireframes for dex (#361) + +## Further server side cleanups + +Establish idioms for handling HTTP requests, create a storage interface for backends, and continue to improve --no-db mode. + +* Improve server code and storage interfaces (#278) +* Fix client secrets encoding in --no-db mode (#337) +* Easier specification of passwords in --no-db mode (#340) From dd1eb3f7e7006a5a86b535a74d9d4649542771c0 Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Wed, 9 Mar 2016 12:46:17 -0800 Subject: [PATCH 2/2] Documentation: UX review pushed back to 0.5 --- Documentation/roadmap.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/Documentation/roadmap.md b/Documentation/roadmap.md index f49bffac..e7b789eb 100644 --- a/Documentation/roadmap.md +++ b/Documentation/roadmap.md @@ -22,14 +22,6 @@ Deprecating dexctl’s --db-url flag. Achieve feature parity between existing co * Add client registration to bootstrapping API (#326) * Set connector configs through bootstrapping API (#360) -## Review UX - -Review the current UX around registration, login, invite emails, etc. and present assets to the CoreOS design team for feedback. - -* Easier registration on first login (#310) -* Not correctly handling expired tokens (#355) -* Draft website wireframes for dex (#361) - ## Further server side cleanups Establish idioms for handling HTTP requests, create a storage interface for backends, and continue to improve --no-db mode.