Featuring Compatible Commercial Offerings

[pdubz3]

Zowe needs a place where vendors can feature their Zowe-compatible commercial offerings.

The Zowe Doc is not the right place to link to specific commercial solutions. It creates the impression that Zowe endorses those solutions, and that the Zowe community validates them in an ongoing manner as well. Following the discussion on today's ZAC call, I'll be creating an issue for the Doc Squad to update the Zowe doc wherever commercial offerings are currently named (or linked) to be absolutely clear that these references cannot be interpreted as an endorsement, and there is no expectation of the community to validate the compatibility of those solutions in any way.

Meanwhile, we need to create a place where consumers can find the list of vendor solutions that are compatible with Zowe for various purposes, like Multi-Factor Authentication which started the entire conversation. Vendors should be able to request that their products are added to the list provided that they continuously validate those solutions for compatibility.

[jmertic]

Doesn't the Zowe Conformance Program address this?

[pdubz3]

Not completely. It certainly does for commercial offerings that provide conformant desktop applications or APIs or CLI plugins. However, there are more ways to be compatible with Zowe and we don't have conformance programs in place for all of them. The compatibility that drove the conversation this morning is Multi-Factor Authentication. Today, the Zowe documentation explicitly lists (and links to) a commercial offering which is known to be compatible with Zowe to provide MFA support. It excludes any other commercial offerings, and it gives the appearance of an endorsement. See https://github.com/zowe/docs-site/issues/1963 for more information on that. We don't have a conformance program for MFA, or anything that would qualify to cover this. But we've had customers say that they can't move forward with Zowe unless it supports MFA, and those customers need to know which solutions might work for them.

[jmertic]

Sounds like a conformance program would be the right way to go - that lets the community set the specific requirements and have it be independently validated. Otherwise, ownership of adding new entities is up to the doc squad which I don't think is what folks are after.

[armstro]

Not sure we are on the same page here - they are not integrating with Zowe. Zowe is integrating with another piece of software - a proprietary one. If the MFA product(s) had their own conformance program then yes Zowe conforming to their criteria would make sense but there is none. This is Zowe making use of one or more vendor specific interfaces due to security requirements from our consumers.

[jmertic]

Good points @armstro.

I think the two things I'm hearing from this thread are...

1) Zowe project itself shouldn't be in the position of recommending MFA solutions. 2) A new MFA solution effectively needs to be a committer to Zowe to have its solution supported, which isn't good either.

Those two points are what was driving me to think of going down the path of the Zowe Conformance Program. If the belief is that MFA solution vendors wouldn't look to test/assert conformance with Zowe, then that might make that approach problematic.

We might want to scope this issue tighter.

[armstro]

Closing as immedidate situation for this github item has been addressed via equal treatment in the zowe docs. This type of Zowe integration not quite a fit for conformance program - ZAC will monitor for vendor neutral practices to be followed and will raise an issue if/when needed