When looking to deploy new software at the Haus, we have a set of requirements that are common across most pieces of software. These requirements are driven by our lack of desire to manually tinker with software every 5 minutes.
We internally use an LDAP repository wherever possible. However we can also provide prehashed passwords in a variety of formats. DO NOT EXPECT US TO PROVIDE CLEAR TEXT PASSWORDS OR PASSWORDS HASHED WITH SOME RANDOM ALGORITHM (we don't store recoverable passwords).
We prefer you use something like an SSHA hash as it has the added advantage of using a salt.
Internally we use an LDAP repository for a variety of systems. However we can also configure your product with authorization details where required. If we had to do that, we'd prefer to use XML-RPC or SOAP to do so.
If your product requires detailed configuration per project, please make sure it's scriptable. We generally don't choose products that require manual configuration.
All services should be configurable using either XML-RPC, SOAP or a RESTful interface.
Please make sure your products remote interfaces will work with modest levels of users - eg. 10000 users, 100s of groups. Some products have not been tested with larger numbers of users / groups and their remote interfaces fail to work in our environment.
Codehaus has a fairly simple model, however it is not overly flexible.
Users are generally classified into one or more roles - Operations, Despots, Developers, Contributors, Anonymous.
- Operations are administrators of the product. They have full access to everything.
- Despots are administrators of a particular project - they should be able to fully control their section of the product, but not be able to control the overall configuration.
- Developers will typically be able to configure most of their section of the product, but will not generally have full control of that section.
- Contributors will be able to view and possibly edit parts of their section. They will generally not be able to control much of their section
- Authenticated will be able to make comments or add attachments. They will not generally be allowed any other manipulation capabilities
- Anonymous may or may not have any access to the product.
Typically if there is a hierarchy in the product, we prefer
(Realm) -> (Organization) -> (Project) -> (Anything else)
which equates to
Codehaus Foundation -> Codehaus -> XFire -> (Anything else)
Codehaus Foundation -> Rubyhaus -> Daemontools4R -> (Anything else)
Realm can generally be ignored as we only run 1 realm per server.
If your product can do VHosting, we would normally consider vhosting it at the organisation level:
product.codehaus.org -> XFire -> Anything else
product.rubyhaus.org -> Daemontools4R -> Anything else