[FR] Federation: Sharing items across spaces #4562

Open
2 tasks done
p-fruck opened this issue Apr 2, 2023 · 7 comments
Labels: api, enhancement, user interface
p-fruck (Contributor) commented Apr 2, 2023

Please verify that this feature request has NOT been suggested before.

  • I checked and didn't find a similar feature request

Problem statement

This issue continues the discussion started here. To repeat the main idea:

I am part of a local chaos community that interacts with other regional chaos communities on a regular basis. Since all of these communities have their own assets inside their hacker/maker spaces, we wanted to implement some kind of inventory management system and collectively agreed on using InvenTree which makes it a common standard among our communities. Since those communities are decentralized and run their own independent infrastructure, they also have different InvenTree instances and authentication providers.

Since we share items across communities regularly, we wanted to have some functionality to share items across instances, so we can always keep track of the current location of our items. Since we trust the other communities, we also want to give them access to our InvenTree instance and manage the user permissions independently.

Suggested solution

The first idea that came to our mind was making InvenTree an OIDC provider.

Since we do not want to force other communities or individuals to some specific identity provider, we thought it would make sense for InvenTree to become its own identity provider (using the established OIDC standard) so that even communities/individuals using the integrated InvenTree (Django) accounts could authenticate against our instance using their respective account credentials. For now, this PR would allow us to give users of trusted InvenTree instances access to our instance simply by adding the foreign InvenTree instance as an OIDC provider. The users of this instance would then be able to manipulate items in our InvenTree. Based on this functionality, there should be features added in the future that allow for sharing resources like items and perhaps categories across instances using the InvenTree web GUI.

Describe alternatives you've considered

The following idea was provided by @matmair:

why not use/build around ActivityPub and Mastodon? We could implement a notification provider with ActivityPub and use Mastodon's OAuth to do authentication.

Examples of other systems

We might get some inspiration from Nextcloud or the fediverse (e.g. looking at Mastodon or some Gitea federation proposals)

Do you want to develop this?

  • I want to develop this.
p-fruck added the enhancement and triage:not-checked labels Apr 2, 2023

p-fruck (Contributor, Author) commented Apr 2, 2023

@matmair

Ok, you got my attention with ccc/chaos. Are you ok with moving this discussion into an issue and postponing the decision on this PR until we have a better understanding of the plan for federation?

Knowing your target is chaos / the fediverse: why not use/build around ActivityPub and Mastodon? We could implement a notification provider with ActivityPub and use Mastodon's OAuth to do authentication.
If this is something more spaces will use I would like to move OIDC config into the admin UI to make it more portable.

On a side note: A bunch of users and devs are German, I bet we have a few ppl from chaos here already.

Sounds good, I created this issue to continue this discussion. I never worked with ActivityPub before but I'd be glad to take a look. It would be amazing if we would find some more devs integrated into the chaos community :)

matmair added the user interface and api labels and removed the triage:not-checked label Apr 3, 2023
matmair added this to the 1.0.0 milestone Apr 3, 2023

matmair (Contributor) commented Apr 3, 2023

We might be able to use kepi as an inspiration, we can not use it directly as it is GPL2 (or later) and we are MIT.

Markus-Schwer commented

I'm not sure about the ActivityPub thing... I had a quick look into the specs and thought a bit about how it could be implemented but I came to the conclusion that it would just add overhead and wouldn't fundamentally solve our authorization problem.
The thing is, ActivityPub is great for sending messages between servers, but our problem isn't really that we cannot communicate between servers (since there aren't too many good OSS inventory management servers).
The bigger problem IMO is authentication and authorization of (foreign) users. ActivityPub doesn't really handle authorization by itself, it relies on implicit trust between federated servers and their corresponding authentication mechanisms.
So even with ActivityPub we would still need some solution for authorization and I think OIDC is a good choice for that.

matmair (Contributor) commented Nov 19, 2023

@Markus-Schwer there are tons of OSS inventory solutions; every few weeks a new one pops up - I have made a list of stable solutions in the space and there are 4 good (in my opinion) OSS on it.

OIDC is a good choice for that

At least I do not want InvenTree to be an identity provider. The project was not designed for it and there are virtually no account, moderation and audit features that would be crucially required for an IDP. This is the definition of feature creep and would pose a significant maintenance burden if it ever becomes popular.
There are many popular OIDC solutions out there, this is not the hill I would die on in a quest for federation.

p-fruck (Contributor, Author) commented Nov 19, 2023

@matmair I understand the reasons why InvenTree should not become an IdentityProvider. However, imo @Markus-Schwer is right in that ActivityPub is not a suitable protocol to use here. As far as I understood ActivityPub has a strong focus on Social Media and during my research I did not understand how we would be able to deal with authorization in this context. Our goal is to share our inventory only with certain people of certain spaces (inventree instances). Also, people should be able to transfer items between two instances and thereby track where their items are located.

As I cannot find any solution how to implement such functionality using ActivityPub, how would you advise us to continue on this feature? Is there any chance of building and upstreaming such functionality in the InvenTree source code? Should we start developing a proof of concept using an API plugin?

matmair (Contributor) commented Nov 21, 2023

Feel free to submit a PR; A plugin is the right choice IMO as the feature is probably pretty standalone and should not require changes to core.
ActivityPub would offer all the base layer functions (replay, targeting, discovery, ...) and require only custom vocabulary to represent the items and actions but a classical REST API will also work.

TBH I do not see how this is valuable and not just confusing for the larger user base but maybe @SchrodingersGat wants to merge it nonetheless.

matmair (Contributor) commented Dec 16, 2023

I will be at 37c3 this year so if someone in this thread is there too and willing to talk about possible ways to implement this - I would be thrilled to do that. Supporting optional federation in some user-friendly form is a personal goal.

Feel free to reach out via the mail in my profile if you are interested @p-fruck @Markus-Schwer

3 participants