[core-workflow] bugs.python.org-related GSoC project

Barry Warsaw barry at python.org
Wed Mar 18 17:35:57 CET 2015

On Mar 19, 2015, at 12:37 AM, Nick Coghlan wrote:

>In the case of Roundup, the data model is actually very REST friendly,
>as the existing XML-RPC interface already embodies the "collections of
>resources" approach. In theory, it should "just" be a matter of
>exposing those collections through an appropriate set of APIs (and
>figuring out things like access management, etc).

This is probably getting off-topic, but MM3 took the approach that the core
engine's REST API deliberately doesn't do access management.  We call it an
"administrative API" and only run it on localhost (configurable of course, but
we tell admins never to run it on a public IP).

This opens up a wide range of very interesting possibilities.  Our web ui is
written entirely against the API so while you could use the one we'll release,
you're not tied to it at all.

Another interesting piece is the public REST proxy, which *will* be available
on a public IP.  This is where access management is implemented.  It uses
information from the core, but has its own model for restricting and
controlling access.  This means it can be implemented independently, deployed
or not deployed independently, and even completely replaces by downstream

Anyway, we're really happy with the way this architecture has turned out.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/core-workflow/attachments/20150318/54bb5982/attachment.sig>

More information about the core-workflow mailing list