History: Tiki Suite brainstorming
Preview of version: 529
- what needs should be covered and
- which components should be part of the suite
Related: Components and criteria and features.
Anything not needed by 80% of organizations should be on the Specialized components section. Previous brainstorming is available at here.
Security
Make sure we have a Security roadmap with all current chosen components, as we don't want to change later to improve security.
Desktop environments
See also: Tiki Suite Desktop
User have choice, but we should pick a suggested minimal Linux desktop. By default, no apps, and users install / activate what they need.
- http://www.linuxquestions.org/questions/2013-linuxquestions-org-members-choice-awards-109/window-manager-of-the-year-4175488211/
- Todo: try https://susestudio.com/
- Todo: document shared drives for data
- http://www.reddit.com/r/linux/comments/2c4ps0/if_linux_desktop_environments_were_knives/
- http://en.wikipedia.org/wiki/Comparison_of_X_Window_System_desktop_environments
- http://www.zdnet.com/six-clicks-2014s-top-linux-desktops-7000026367/
- http://www.engadget.com/2012/11/30/how-to-pick-a-desktop-environment-in-linux/
- http://www.techradar.com/news/software/operating-systems/best-linux-desktop-which-is-ideal-for-you--1194516
- http://www.clearcenter.com/support/documentation/clearos_guides/install_graphical_desktop_for_clearos
- https://www.openhub.net/orgs/xfce
Desktop apps
For installation & upgrades
- Subuser - Securing the Linux desktop with Docker
- Zero Install
- Portable Apps for Windows and Linux
- use RPMs
- Apps that self-update like Ind.ie Pulse
- https://people.gnome.org/~alexl/glick2/
Single Sign On (SSO)
ClearOS permits centralized user & group management. So a user has the same username & password for ClearOS (to update their password and user certificates for OpenVPN), Tiki, XMPP (Prosody & Jitsi), Email (Zarafa & Thunderbird) and Flexshares (Samba shared folders accessible locally or via VPN). The system can also permit / restrict usage of many of the ClearOS apps. BigBlueButton & Kaltura users authenticate through Tiki, but it would be better if they could also authenticate directly to ClearOS. OwnCloud has OpenLDAP integration with ClearOS (Not in Tiki Suite, but still very useful for any ClearOS instance)
"The Account Synchronization app makes it easy to synchronize users, groups and passwords across multiple ClearOS Professional installations." -> http://www.clearcenter.com/support/documentation/user_guide/account_synchronization
However, users still need to login to each app. We should progress to a Single Sign On solution. ClearOS should be an IdP (Identity Provider) and also should be able to be a SP (Service Provider).
Related:
ClearOS: Investigate the addition of a Single Sign On (SSO) solution
http://tracker.clearfoundation.com/view.php?id=1873
ClearOS: Add two-factor authentication
http://tracker.clearfoundation.com/view.php?id=1412
Add Global Address Book app
http://tracker.clearfoundation.com/view.php?id=1260
Brute force attack protection for web config and SSH
http://tracker.clearfoundation.com/view.php?id=1831
Protocols:
- SAML
- OpenID Connect
- Central Authentication Service (CAS)
- etc.
User story:
- Login to ClearOS (or perhaps to any of the apps)
- Have links to all apps available in SSO. This should be made available to the apps so they can include in their GUI (ex.: nav bar)
- User clicks on any link in the nav bar, which takes to that site, and logs them in transparently and securely
Target apps for Tiki Suite
- Zarafa webmail
- Tiki Wiki CMS Groupware
- Web interface to XMPP server as per http://tracker.clearfoundation.com/view.php?id=1714
Other target apps for ClearOS:
- Joomla!
- WordPress
- OwnCloud
Desktop & mobile apps should also be covered.
Since ideally, ClearOS can act as an IdP, it would be best to support the protocols used by a large enough number of apps
Related projects
"A library for implementing an OAuth2 Server in PHP. Has been extended to support OpenID Connect identity provider functionality." Source: http://openid.net/developers/libraries/
Related links
- http://en.linagora.com/produits/linid
- http://www.trishburgess.com/trishs-blog/intro-to-openid-oauth-and-saml
- https://packagist.org/search/?q=saml
- https://packagist.org/search/?q=openid
- https://packagist.org/search/?q=cas
- https://packagist.org/search/?q=oauth
- https://packagist.org/search/?tags=OpenID%20Connect
- http://www.softwaresecured.com/2013/07/16/federated-identities-openid-vs-saml-vs-oauth/
- http://www.onelogin.com/application-vendors/the-difference-between-openid-saml-and-oauth/
- http://www.onelogin.com/application-vendors/openid-or-saml-for-enterprise-sso/
- https://www.drupal.org/project/simplesamlphp_auth
- https://www.drupal.org/project/openid_connect
- https://www.drupal.org/project/saml_sp
- https://www.drupal.org/project/oauth2_server
- http://openid.net/developers/libraries/
- https://developers.google.com/google-apps/sso/saml_reference_implementation?csw=1
- https://developers.google.com/accounts/docs/OAuth2Login
- http://www.gluu.org/docs/#what-are-the-future-identity-protocols-and-is-the-gluu-server-future-proof
- https://blog.surfnet.nl/wp-content/uploads/2013/04/SURFnet-OpenID-Connect-1.1-.pdf
Other apps
- VLC cross-platform, including F-Droid
Server-side text editor
vi is the default on ClearOS, but it's unnecessarily complex.
- Replace for crontab editor, svn commit message, etc.
- Ideally, it's the same tool throughout Tiki Suite (thus same as desktop text editor)
- Options
- nano
- pico
- ed
- Syntax highlighter
Kolab
See also: Kolab
Forum Mailing List
https://fedorahosted.org/hyperkitty/
Public web indexing
Syndication