Closed abergs closed 3 years ago
Hello everyone - I'll be working on the steps to onboard the project - we will be following this checklist
Project Agreement is out for signing - thanks!
Agreement is signed. CLA bot instructions are coming out next
@dnfadmin has been invited to the organization.
CLA bot is now configured - post onboarding steps email coming out shortly
All on-boarding work is complete, outside of me adding the newsletter announcement
Added to the next newsletter - this is the final item, so closing out this onboarding work item!
1. General Information
Project Name: fido2-net-lib
License: MIT
Contributor (Company, Organization or individual name(s)): Anders Åberg, Alex Seigler
Existing OSS Project? (Yes/No): Yes
Source Code URL: https://github.com/abergs/fido2-net-lib
Project Transfer Signatories:
2. Description
Please provide a brief statement about your project in terms that are understandable to the target consumer of the library or project, i.e. an elevator pitch for the project:
Enable passwordless sign in for all .net apps (asp, core, native). To provide a developer friendly and well tested .NET FIDO2 Server / WebAuthn relying party library for the easy validation of registration (attestation) and authentication (assertion) of FIDO2 / WebAuthn credentials, in order to increase the adoption of the technology, ultimately defeating phishing attacks.
Please provide a 1 sentence (<140 character) summary of your project to help users when searching the .NET Foundation projects
.net library for passwordless sign in powered by fido2 and webauthn
3. Project Governance
Please complete this section about who will be maintaining the open source project and how it will run. Project Lead:
Name: Anders Åberg Email: anders@andersaberg.com GitHub Profile URL: https://github.com/abergs
Committers:
Governance Model:
Please describe how new code changes are proposed to the project, how those changes are reviewed and how a decision is made to accept proposed changes. Also describe the process for identifying and appointing new committers.
Contributions are done via Pull Requests. They are only merged after CI/CD pipelines with unit tests and coverage are verified. Review is done by one of the Committers. All changes are categorized and automatically made part of release notes. We welcome PRs from anyone. Appointing new commiters (with write permission) to the repo requires OK from majority of existing committers.
CLA
Currently no CLA is enforced.
CLA Notification Alias cla@passwordless.dev
Assignment Model. Under the .NET Foundation assignment model, project ownership and other intellectual property is assigned to the .NET Foundation and the .NET Foundation agrees to grantback a license to the contributor(s).
Contribution Model. Under the .NET Foundation contribution model, a project retains ownership of the project, but grants the .NET Foundation a broad license to the project’s code and other intellectual property. The project also confirms that the project’s submissions to .NET Foundation are its own original work (there are also instructions for any third party materials that might be included).
4. Repository Layout
The .NET Foundation host guidance for new projects and details on recommended structure here: https://github.com/dotnet/home/tree/master/guidance
Note that the open source repository should be the master where changes are made by the core development team using the same PR process that is used for non-committer contributions.
Please define below any changes you would want to make to your repositories as part of the process of joining the .NET Foundation
Moving it to passwordless GH organization Assigning copyright to .net foundation in license file. Evaluate if notice.md is required for dependencies. Enable code-signing with cert
5. Eligibility Criteria
Please complete the following for your project
6. PR Plan
The story is "Community driven effort to eliminate phising attacks against applications in the .net ecosystem, backed by .net foundation". The foundation helps establishing trust, which is an important factor.
7. Infrastructure Requirements
CI/CD is already powered by Azure Pipelines. Webhosting is powered by Anders Åbreg. I believe we need a code signing cert to correctly sign nuget package.
8. Additional Notes
We're excited to join the .net foundation in order for more members of the .net ecosystem to discover and be comfortable adopting this new and secure technology, ultimately defating phising attacks against consumers.