-
Notifications
You must be signed in to change notification settings - Fork 86
Roadmap #359
Comments
Thanks for asking these questions. Most everyone currently relying on this code knows what’s going on, so I had not planned to announce any of this until we have more of the details sorted out. Currently all of the work is taking place in other repositories under this GitHub org. For the past several months we have been collaborating with folks (particularly @dmitrizagidulin) at MIT CSAIL on OIDC-based authentication for Solid. The different assumptions in the context of that project required extracting OIDC-specific code to libraries for directly integrating into the Solid server. Library usage (vs running a full auth server) is not recommended for most users since the security devil lives in the details. This design rethink supports the kind of internal architecture for the next major version of Anvil that we have been planning and laying the groundwork for during the past 18 months. Doing all of this work “correctly” (in our opinions) has been a Herculean task that involved rethinking how cryptography should work in Node.js and addressing conceptual challenges in other dependencies that ended up requiring more than a PR or two to sort out. At the same time, the overall endeavor is transitioning from being backed by consulting and commercial support to a purely non-profit model. All the code from Anvil Research will be donated to a new consortium at MIT. I joined MIT Connection Science full time in November to work on next generation identity and privacy-respecting infrastructure, including building on the work we’ve done here so far and hacking on projects like OPAL and Enigma. Another major contributor to Anvil, Greg Linklater (@EternalDeiwos) at Rhodes University, has joined us part time at MIT as well. This move frees us to pursue more technically ambitious and high impact goals without having to worry about directly monetizing the software or supporting commercial users, both of which have proven to be incredibly distracting and not particularly fruitful. We are planning to implement a 2.0 version of Anvil but it will likely be several months before that work can begin in earnest. In the meantime, we understand you may want to use a different IdP server. Thanks again. |
As Christian mentioned, lately we've been focusing primarily on several component libraries:
So the good news is that we now have all of these standards-based modular component libraries (written in ES6), which are being transferred for further development and maintenance to an MIT consortium. The bad news (for you as a developer looking for OIDC libraries for immediate use), is that the new libraries are under-documented, and are being beta-tested as we speak. :) You are absolutely correct to notice the lack of maintenance activity on this repo. This is purely because there is furious work being done under the surface, in other libs. We do plan to build a standalone OIDC Provider server, an Anvil Connect version 2, based on the new libraries. But as Christian said, that's a bit down the road. Please let us know if you have further questions. |
Hi, Could you please provide some update on this project situation? Thanks!! |
Hi @robertomatute (and everyone patiently waiting for updates). Thanks for reaching out! This repo has obviously fallen behind. The really good news is that @LegallyGeek is kindly taking up the cause of bringing dependencies up to date. We'll have a new release when it comes together. If anyone wants to help out, new contributors are welcome. The fantastically great news is that our engineering team, now at MIT's Connection Science and Trust::Data Consortium, is larger, better supported, and more focused than ever. Anvil Connect was the gateway for several of us into the frontiers of applied cryptography, decentralized identity, privacy-preservation, and digital trust. We're not saying much at the moment, but that's because we have our hands full with heavy lifting on new research at MIT that far surpasses what we have here in potential and scope. Much of that work is not yet publicly visible, although it is all MIT licensed. We're gradually extracting modules into public packages and the complete works will be released as our research program advances. In the meantime, we've made many hundreds (probably thousands) of commits to other repositories in this org. A few examples: https://github.com/anvilresearch/webcrypto Some of these packages are alpha, while others are approaching stable release. They might be useful to you as is, and will find their way back into the auth server as the pieces come together. There's a lot of work to do here. We're gradually starting to work on documentation and polish, and would love to have some folks kicking the tires and giving feedback. Thanks again. Also, while we're here, I want to acknowledge the brilliant and inspired recent efforts of @dmitrizagidulin, @EternalDeiwos, @cstefanache, @thelunararmy, @johnny90, and countless others who have contributed in the past and continue to support our obsessions. Thank you all :) |
Hi there, Thanks for your work on this awesome project. Could you please provide some update? Thanks :) |
Hi,
I am currently in the process in choosing an identity provider for a project I am working on. I generally like what I see about Anvil Connect but I am somewhat startled by the lack of maintenance. Specifically
nv
andnvl
commands in the documentationAnd these are just the things I noticed over one day of looking into the project.
Therefore I would really like to hear about the project's road map. Is it indeed actively maintained? What are the development goals? When to you hope to implement what? How do you differentiate yourself from other projects?
The text was updated successfully, but these errors were encountered: