-
Notifications
You must be signed in to change notification settings - Fork 605
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
122ed51
commit fbdd3a1
Showing
2 changed files
with
76 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| Sustainsys.Saml2 Contribution Guidelines | ||
| =============== | ||
|
|
||
| Sustainsys.Saml2 is maintained by and have mostly been developed by Sustainsys in Stockholm, Sweden. | ||
|
|
||
| Being a security library, it is important that all code in the library follows high quality standards | ||
| and is easy to read and maintain. Automated tests are required for any features added. | ||
|
|
||
| When doing work on protocol features, it is recommended to consult | ||
| [the official SAML specifications](<https://wiki.oasis-open.org/security/FrontPage#SAMLV2.0Standard>). | ||
|
|
||
| Issue tracking | ||
| -------------- | ||
| Github issues are used to keep track of issues and releases. For requests of functionality or to | ||
| report bugs, please open an issue in the github repo. It is advised to open an issue describing the plans | ||
| before starting any coding work. Discussing before writing code significantly reduces the risk of | ||
| getting a pull request denied. | ||
|
|
||
| Versioning | ||
| ---------- | ||
| Sustainsys uses semantic versioning as defined on http://semver.org/. | ||
| Given a version number MAJOR.MINOR.PATCH, increment the: | ||
|
|
||
| * MAJOR version when you make incompatible API changes, | ||
| * MINOR version when you add functionality in a backwards-compatible manner, and | ||
| * PATCH version when you make backwards-compatible bug fixes. | ||
|
|
||
| Coding Conventions | ||
| ------------------ | ||
| The coding conventions follow the classic .NET style of coding, with the following styles: | ||
|
|
||
| * Always use ``{}`` for if statements, even when there is only one line. | ||
| * Code analysis is enabled and all code should compile without compiler warnings or code analysis errors. | ||
| Code analysis warnings that are not relevant are supressed in the source. Rules should only be disabled on a | ||
| global level if it really is appropriate to disable the rule for the entire code base. | ||
| * Private members in classes are named with camelCasing, no underscores. | ||
| * Member variables are not prefixed with ``this``. unless required to resolve ambiguity (such as in a | ||
| constructor having parameters with the same name as the members). | ||
| * Any single method is short enough to fit on one screen (on a typical laptop monitor, | ||
| not a 30-inch development monster-monitor). | ||
| * The code is formatted to (mostly) fit in 80 columns. | ||
|
|
||
| Unit Tests | ||
| ---------- | ||
| The Sustainsys.Saml2 library has been developed using TDD (Test Driven Development). All functionality is covered | ||
| by tests, and it will remain that way. Pull requests will only be merged if they contain tests covering the | ||
| added functionality. | ||
|
|
||
| Branching | ||
| --------- | ||
| To make a clean pull request, it is important to follow some git best practices. Nancy has an | ||
| [excellent guide](https://github.com/NancyFx/Nancy/wiki/Git-Workflow) that outlines the steps required. | ||
|
|
||
| Licensing | ||
| --------- | ||
| The library is licensed under MIT (for the `develop` branch) and by submitting code it is accepted that the | ||
| submitted code will be released under the same license. Third party code may only be added to the | ||
| library if the author of the pull request holds the copyright to the code, or the code is previously | ||
| licensed under a license compatible with MIT. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,31 +1,32 @@ | ||
| [](https://github.com/Sustainsys/Saml2/actions/workflows/dotnet.yml) | ||
| [](https://gitter.im/Sustainsys/Saml2) | ||
|
|
||
| Sustainsys.Saml2 | ||
| ============= | ||
|
|
||
| The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site | ||
| to act as a SAML2 Service Provider (SP). The library was previously named Kentor.AuthServices. | ||
|
|
||
| Sustainsys.Saml2 is open sourced and contributions are welcome, please see | ||
| [contributing guidelines](docs/contributiong.rst) for info on coding standards etc. | ||
| ## Documentation | ||
| Usage documentation is available at [our documentation site](https://saml2.sustainsys.com). | ||
|
|
||
| ## Commercial Options and Sustainable model for Open Source | ||
| When I started the Sustainsys company, the idea was to try to find a sustainable model for open source work. Maintaining an open source library takes time. The issue and PR list and constantly requires work to keep it clean (I've not always succeeded, I know). Bug reports by e-mail of possible security vulnerabilities need to be evaluated and handled - even if they often turn out to be incorrect. Any pull request - especially for a security library - need to be carefully evaluated to make sure it works and doesn't break any existing behaviour. All of this takes time and my idea was to create commercial options that were attractive enough to fund actual working time on the library. It has partly succeeded, but not to the extent that I can spend the time I want on the library. | ||
| If you are using the Sustainsys.Saml2 package in a larger organisation, please sign up for a commercial support package (mail to [email protected] for options). That will give your organisation support - and also support maintenance and development of the library. | ||
|
|
||
| ## Branches | ||
| There are three active branches in the repo | ||
| * develop is development for a new version (will be released as v3 eventually) that only supports Asp.Net Core. | ||
| * v1 is a supported version that uses the `System.IdentityModel` library for token handling and supports HttpModule, Mvc, Owin and AspNetCore2 (only on full. Net Framework). This branch will only receive security fixes or critical compatibility fixes for major browsers. | ||
| * v2 is a currently supported version that uses the `Microsoft.IdentityModel` nuget packages for toking handling, multi-targets and supports HttpModule, Mvc, Owin and AspNetCore2. This branch will only receive security fixes or critical compatibility fixes for major browsers. Exceptions for new features can also be done for paying customers with support contracts. | ||
| * master is deprecated and only kept around to ensure all old links pointing to it works. | ||
| There are three active branches in the repo. | ||
| * `develop` is development for a new version (will be released as v3 eventually) that only supports Asp.Net Core. | ||
| * `v1` is a supported version that uses the `System.IdentityModel` library for token handling and supports HttpModule, Mvc, Owin and AspNetCore2 (only on full. Net Framework). This branch will only receive security fixes or critical compatibility fixes for major browsers. | ||
| * `v2` is a currently supported version that uses the `Microsoft.IdentityModel` nuget packages for toking handling, multi-targets and supports HttpModule, Mvc, Owin and AspNetCore2. This branch will only receive security fixes or critical compatibility fixes for major browsers. Exceptions for new features can also be done for paying customers with support contracts. | ||
| * `maste` is deprecated and only kept around to ensure all old links pointing to it works. | ||
|
|
||
| ## Current Development Goals | ||
| ## Development | ||
| The current development goals are to get a new, more flexible architecture. | ||
| * The metadata handling has been broken out to a library that can be reused seprately. The metadata library contains tools to work with XML Documents and XML Signatures. | ||
| * The metadata handling has been broken out to a library that can be reused seprately. The metadata library contains tools to work | ||
| with XML Documents and XML Signatures. | ||
| * Use the Asp.Net Core RemoteAuthenticationHandler as a base class. | ||
| * Better support for the AspNet Core configuration system. | ||
| * Federations will be an own Authentication handler type (`builder.AddSaml2` vs `builder.AddSaml2Federation`). | ||
|
|
||
| ## Documentation | ||
| Usage documentation is available at [our documentation site](https://saml2.sustainsys.com). | ||
|
|
||
| ## Commercial Options and Sustainable model for Open Source | ||
| When I started the Sustainsys company, the idea was to try to find a sustainable model for open source work. Maintaining an open source library takes time. The issue and PR list and constantly requires work to keep it clean (I've not always succeeded, I know). Bug reports by e-mail of possible security vulnerabilities need to be evaluated and handled - even if they often turn out to be incorrect. Any pull request - especially for a security library - need to be carefully evaluated to make sure it works and doesn't break any existing behaviour. All of this takes time and my idea was to create commercial options that were attractive enough to fund actual working time on the library. It has partly succeeded, but not to the extent that I can spend the time I want on the library. | ||
| If you are using the Sustainsys.Saml2 package in a larger organisation, please sign up for a commercial support package (mail to [email protected] for options). That will give your organisation support - and also support maintenance and development of the library. | ||
| Sustainsys.Saml2 is open sourced and contributions are welcome, please see [contribution guidelines](CONTRIBUTING.md) | ||
| for info on coding standards etc. |