[Please Read] Current state of this project?

Question

[Please Read] Current state of this project?

Opened this issue 4 years ago · 4 comments

Hi,
I'd like to better understand the current state of this project. Sorry for asking this in GitHub but it looks like the google groups and slack channel are no longer active. Which is one reason I am even asking the question.

I understand that it has recently been forked from the oracle speedle project, but I can also see that there has been little activity on it. There doesn't seem to be a published docker image despite docker being listed as a deployment option in the docs. The helm chart is not published either.

These are all red flags for me signifying a dead or dying project. However, given that it was recently forked I figured I would at least ask before ruling it out.

We are currently looking at OPA and Casbin. I am currently leaning more towards Casbin because of the persistent storage options. The fact that OPA runs all in memory is a limitation that we don't want to deal with. But then I came across Speedle. The API looks a lot nicer than Casbin and (at least from the surface) it seems a bit more flexible as well. So I would like to know if Speedle is even an option, given it's current state of development, before I sink too much time into it.

So what is the current state of the project and where is it going?

Thanks,
Jordan

Answer 1 · 2020-09-13T11:49:00.000Z

hi Jordan,

Thanks for asking this in GitHub! :-) The project is still alive. Actually we are monitoring both Slack and Google groups. If you asked the question there, you would get a prompt response too.

Currently the project is maintained by Cynthia, Bill, myself, and other ex-Oracle colleagues who worked on Speedle project. We maintain it in our spare time as volunteers. There is no commercial companies behind the project. So it doesn't look as "active" as other options you mentioned. However, I'd like to share a few facts here.

Speedle project is adopted by quite a few companies, including but not limited to the largest reinsurance company in Asia, a nation-wide real estate company in China, an ISV offering DevOps system, etc. We spent zero-effort on promoting the project. These companies made the decision to adopt Speedle rather than other options based on their own analysis/testing on the players in this field.
We are adding new features to Speedle project, slowly (I have to admit it). After moving to the new repo, we added MongoDB and policy management console. More features are planned too. I don't think we can speed up in short time unless we get more volunteers to help out or find sponsors.
As I said above, we are monitoring Slack channels and google groups and providing prompt response to any questions. We are really happy to see people show their interest in the project and appreciate any questions, issues, or even challenges. The latest question in Slack is Brian's question about MongoDB support. Cynthia answered the question yesterday. We commit to providing fix to all reported bugs in time.
Speedle is very stable, scalable, and high performance. We built it up based on our 20-year experience in fine-grained access control field. I guess that probably partially results in the "inactive" community. :-) Frankly speaking, I checked with several Speedle users in the past a few months, "did you encounter any issues with Speedle?" They all answered "so far so good". When you compare Speedle with other alternatives, just try them in the toughest scenarios. Think about there are 1 million policies defined the policy store, can we manage the policies efficiently and get authorization result in a few milliseconds? (Don't laugh, it is a real world use case. I once met a customer who created 4 millions of policies. It is crazy I agree though); Can it handle 100,000 authorization checks per second? how many resource will it consume? how about 1,000,000 authorization calls? is it linear scalable? does the project offer tools helping you managing policies or extending the authorization engine? Is the policy definition language intuitive enough such that system administrators, business administrators, internal auditors, lawyers or non-technical senior management all understand it? Is it possible to build a flexible policy model with the project/product? etc etc

I'll leave the issue open such that others who are interested in the project can get some clues too.

Please feel free to let me know (on Slack, github issues, etc) for any further questions.

Thanks,
William

Answer 2 · 2020-09-13T12:58:19.000Z

There doesn't seem to be a published docker image despite docker being listed as a deployment option in the docs. The helm chart is not published either.

Please check https://speedle.io/docs/deployment/ for details.

Answer 3 · 2020-09-13T19:50:39.000Z

@caiwl Thank you for the detailed and prompt response. I really appreciate it.
My comment on the slack community was only because when I clicked the link on the website it says that it is no longer active. I can't actually join. Same when I click the google groups link on the website; it says "Content unavailable". So I assumed they had been shut down.
That deployment page is what I was referring to. It says

Before deploying Speedle manually, you need to build Speedle and build and push the Speedle Docker images.

Which tells me that there is no official docker image.
And the same is true for the helm chart. It's just part of the repo. I can't do helm repo add ... and then helm install ... and get up and going easily.
Neither of those things are a big deal. I'm perfectly capable of cloning the repo, building the images, customizing the helm chart, and deploying it myself. But together with the other things I mentioned at least caused me to hesitate and ask this question.
I'm glad that the project is stable and under active development. I will definitely not be crossing it off my list yet.

Thanks again.

Answer 4 · 2020-09-14T12:09:33.000Z

Hi Jordan,

My comment on the slack community was only because when I clicked the link on the website it says that it is no longer active. I can't actually join. Same when I click the google groups link on the website; it says "Content unavailable". So I assumed they had been shut down.

My bad! I forgot to update Slack invitation link in speedle.io web page. Just corrected the link and Google group setting. Both Slack link and google group link should work now.

Which tells me that there is no official docker image. And the same is true for the helm chart. It's just part of the repo. I can't do helm repo add ... and then helm install ... and get up and going easily.

@bill828 I recollect that you planned to add the docker build/publishing logic to pipeline. Any progress so far?

I'm glad that the project is stable and under active development. I will definitely not be crossing it off my list yet.

Thank you very much. If you need any help, please feel free to let us know in Slack.

Thanks,
William