docs: Updates issue and pull request templates (#153)

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
-**Table of Contents**
+
 
 - [Introduction](#introduction)
 - [Contributing Code](#contributing-code)
@@ -16,82 +16,104 @@
 
 ## Introduction
 
-Please note: We take ORY Keto's security and our users' trust very seriously. If you believe you have found a
-security issue in ORY Keto, please responsibly disclose by contacting us at hi@ory.sh.
+Please note: We take ORY Keto's security and our users' trust very
+seriously. If you believe you have found a security issue in ORY Keto,
+please responsibly disclose by contacting us at hi@ory.sh.
 
-First: if you're unsure or afraid of anything, just ask or submit the issue or pull request anyways. You won't be
-yelled at for giving it your best effort. The worst that can happen is that you'll be politely asked to change
-something. We appreciate any sort of contributions, and don't want a wall of rules to get in the way of that.
+First: if you're unsure or afraid of anything, just ask or submit the issue or
+pull request anyways. You won't be yelled at for giving it your best effort. The
+worst that can happen is that you'll be politely asked to change something. We
+appreciate any sort of contributions, and don't want a wall of rules to get in
+the way of that.
 
-That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts
-and ensure that your contribution won't clash or be obviated by ORY Keto's normal direction. A great way to do this is via
-the [ORY Community](https://community.ory.sh/) or join the [ORY Chat](https://www.ory.sh/chat).
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by ORY Keto's normal direction. A great way to
+do this is via the [ORY Community](https://community.ory.sh/) or join the
+[ORY Chat](https://www.ory.sh/chat).
 
 ## Contributing Code
 
-Unless you are fixing a known bug, we **strongly** recommend discussing it with the core team via a GitHub issue or
-[in our chat](https://www.ory.sh/chat) before getting started to ensure your work is consistent with
-ORY Keto's roadmap and architecture.
+Unless you are fixing a known bug, we **strongly** recommend discussing it with
+the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat)
+before getting started to ensure your work is consistent with ORY Keto's
+roadmap and architecture.
 
-All contributions are made via pull request. Note that **all patches from all contributors get reviewed**. After a pull
-request is made other contributors will offer feedback, and if the patch passes review a maintainer will accept it with
-a comment. When pull requests fail testing, authors are expected to update their pull requests to address the failures
-until the tests pass and the pull request merges successfully.
+All contributions are made via pull request. Note that **all patches from all
+contributors get reviewed**. After a pull request is made other contributors
+will offer feedback, and if the patch passes review a maintainer will accept it
+with a comment. When pull requests fail testing, authors are expected to update
+their pull requests to address the failures until the tests pass and the pull
+request merges successfully.
 
-At least one review from a maintainer is required for all patches (even patches from maintainers).
+At least one review from a maintainer is required for all patches (even patches
+from maintainers).
 
-Reviewers should leave a "LGTM" comment once they are satisfied with the patch. If the patch was submitted by a
-maintainer with write access, the pull request should be merged by the submitter after review.
+Reviewers should leave a "LGTM" comment once they are satisfied with the patch.
+If the patch was submitted by a maintainer with write access, the pull request
+should be merged by the submitter after review.
 
 ## Disclosing vulnerabilities
 
-Please disclose vulnerabilities exclusively to [hi@ory.am](mailto:hi@ory.am). Do not use GitHub issues.
+Please disclose vulnerabilities exclusively to [hi@ory.am](mailto:hi@ory.am). Do
+not use GitHub issues.
 
 ## Code Style
 
 Please follow these guidelines when formatting source code:
 
-* Go code should match the output of `gofmt -s`
+- Go code should match the output of `gofmt -s`
 
 ## Pull request procedure
 
-To make a pull request, you will need a GitHub account; if you are unclear on this process, see GitHub's
-documentation on [forking](https://help.github.com/articles/fork-a-repo) and [pull requests](https://help.github.com/articles/using-pull-requests).
-Pull requests should be targeted at the `master` branch. Before creating a pull request, go through this checklist:
+To make a pull request, you will need a GitHub account; if you are unclear on
+this process, see GitHub's documentation on
+[forking](https://help.github.com/articles/fork-a-repo) and
+[pull requests](https://help.github.com/articles/using-pull-requests). Pull
+requests should be targeted at the `master` branch. Before creating a pull
+request, go through this checklist:
 
-1. Fork this repository and create a branch off of `master` so that changes do not get mixed up.
-2. Create a local directory ory in your `$GOPATH/src/github.com`
-3. `cd $GOPATH/src/github.com` and `git clone <YOUR_FORKED_REPO>`
-4. Make sure `keto` resides in `$GOPATH/src/github.com/ory/keto`
-5. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local changes against the `master` branch.
-6. Run the full project test suite with the `go test ./...` (or equivalent) command and confirm that it passes.
-7. Run `gofmt -s` (if the project is written in Go).
-8. Ensure that each commit has a subsystem prefix (ex: `controller: `).
-9. To run make scripts like `make sdk`, please make sure to install [go-swagger](https://github.com/go-swagger/go-swagger/blob/master/docs/install.md) and [goreturns](https://github.com/sqs/goreturns).
+1. Create a feature branch off of `master` so that changes do not get mixed up.
+1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local
+   changes against the `master` branch.
+1. Run the full project test suite with the `go test ./...` (or equivalent)
+   command and confirm that it passes.
+1. Run `gofmt -s` (if the project is written in Go).
+1. Ensure that each commit has a subsystem prefix (ex: `controller:`).
 
-Pull requests will be treated as "review requests," and maintainers will give feedback on the style and substance of the patch.
+Pull requests will be treated as "review requests," and maintainers will give
+feedback on the style and substance of the patch.
 
-Normally, all pull requests must include tests that test your change. Occasionally, a change will
-be very difficult to test for. In those cases, please include a note in your commit message explaining why.
+Normally, all pull requests must include tests that test your change.
+Occasionally, a change will be very difficult to test for. In those cases,
+please include a note in your commit message explaining why.
 
 ## Communication
 
-We use [discord](https://www.ory.sh/chat). You are welcome to drop in and ask questions, discuss bugs, etc.
+We use [discord](https://www.ory.sh/chat). You are welcome to drop in and ask
+questions, discuss bugs, etc.
 
 ## Conduct
 
-Whether you are a regular contributor or a newcomer, we care about making this community a safe place for you and
-we've got your back.
-
-* We are committed to providing a friendly, safe and welcoming environment for all, regardless of gender,
-    sexual orientation, disability, ethnicity, religion, or similar personal characteristic.
-* Please avoid using nicknames that might detract from a friendly, safe and welcoming environment for all.
-* Be kind and courteous. There is no need to be mean or rude.
-* We will exclude you from interaction if you insult, demean or harass anyone. In particular, we do not tolerate
-    behavior that excludes people in socially marginalized groups.
-* Private harassment is also unacceptable. No matter who you are, if you feel you have been or are being harassed or
-    made uncomfortable by a community member, please contact one of the channel ops or a member of the ORY
-    Keto core team immediately.
-* Likewise any spamming, trolling, flaming, baiting or other attention-stealing behaviour is not welcome.
-
-We welcome discussion about creating a welcoming, safe, and productive environment for the community. If you have any questions, feedback, or concerns [please let us know](https://www.ory.sh/chat).
+Whether you are a regular contributor or a newcomer, we care about making this
+community a safe place for you and we've got your back.
+
+- We are committed to providing a friendly, safe and welcoming environment for
+  all, regardless of gender, sexual orientation, disability, ethnicity,
+  religion, or similar personal characteristic.
+- Please avoid using nicknames that might detract from a friendly, safe and
+  welcoming environment for all.
+- Be kind and courteous. There is no need to be mean or rude.
+- We will exclude you from interaction if you insult, demean or harass anyone.
+  In particular, we do not tolerate behavior that excludes people in socially
+  marginalized groups.
+- Private harassment is also unacceptable. No matter who you are, if you feel
+  you have been or are being harassed or made uncomfortable by a community
+  member, please contact one of the channel ops or a member of the ORY
+  Keto core team immediately.
+- Likewise any spamming, trolling, flaming, baiting or other attention-stealing
+  behaviour is not welcome.
+
+We welcome discussion about creating a welcoming, safe, and productive
+environment for the community. If you have any questions, feedback, or concerns
+[please let us know](https://www.ory.sh/chat).

README.md

@@ -69,16 +69,21 @@ Each mechanism is powered by a decision engine implemented on top of the
 ## Who's using it?
 
 <!--BEGIN ADOPTERS-->
-The ORY community stands on the shoulders of individuals, companies, and maintainers. We thank everyone involved - from
-submitting bug reports and feature requests, to contributing patches, to sponsoring our work. Our community is
-1000+ strong and growing rapidly. The ORY stack protects 1.200.000.000+ API requests every month with over
-15.000+ active service nodes. Our small but expert team would have never been able to achieve this without each and
-everyone of you.
 
-The following list represents companies that have accompanied us along the way and that have made outstanding contributions
-to our ecosystem. *If you think that your company deserves a spot here, reach out to <a href="mailto:hi@ory.sh">hi@ory.sh</a> now*!
+The ORY community stands on the shoulders of individuals, companies, and
+maintainers. We thank everyone involved - from submitting bug reports and
+feature requests, to contributing patches, to sponsoring our work. Our community
+is 1000+ strong and growing rapidly. The ORY stack protects 1.200.000.000+ API
+requests every month with over 15.000+ active service nodes. We would have never
+been able to achieve this without each and everyone of you!
 
-**Please consider giving back by becoming a sponsor of our open source work on <a href="https://www.patreon.com/_ory">Patreon</a> or 
+The following list represents companies that have accompanied us along the way
+and that have made outstanding contributions to our ecosystem. _If you think
+that your company deserves a spot here, reach out to
+<a href="mailto:hi@ory.sh">hi@ory.sh</a> now_!
+
+**Please consider giving back by becoming a sponsor of our open source work on
+<a href="https://www.patreon.com/_ory">Patreon</a> or
 <a href="https://opencollective.com/ory">Open Collective</a>.**
 
 <table>
@@ -145,6 +150,12 @@ to our ecosystem. *If you think that your company deserves a spot here, reach ou
             <td align="center"><img height="32px" src="./docs/adopters/arduino.svg" alt="Arduino"></td>
             <td><a href="https://www.arduino.cc/">arduino.cc</a></td>
         </tr>
+        <tr>
+            <td>Sponsor</td>
+            <td>OrderMyGear</td>
+            <td align="center"><img height="32px" src="./docs/adopters/ordermygear.svg" alt="OrderMyGear"></td>
+            <td><a href="https://www.ordermygear.com/">ordermygear.com</a></td>
+        </tr>
     </tdbody>
 </table>
 
@@ -156,23 +167,67 @@ as well as all of our backers
 
 <a href="https://opencollective.com/ory#backers" target="_blank"><img src="https://opencollective.com/ory/backers.svg?width=890"></a>
 
-and past & current supporters (in alphabetical order) on [Patreon](https://www.patreon.com/_ory): Alexander Alimovs,
-Billy, Chancy Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, TheCrealm.
+and past & current supporters (in alphabetical order) on
+[Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy
+Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans,
+TheCrealm.
 
-<em>* Uses one of ORY's major projects in production.</em>
+<em>\* Uses one of ORY's major projects in production.</em>
 
 <!--END ADOPTERS-->
 
+
 ### Installation
 
 Head over to the documentation to learn about ways of [installing ORY Keto](https://www.ory.sh/docs/next/keto/install).
 
 ## Ecosystem
 
 <!--BEGIN ECOSYSTEM-->
+We build Ory on several guiding principles when it comes to our architecture design:
+
+- Minimal dependencies
+- Runs everywhere
+- Scales without effort
+- Minimize room for human and network errors
+
+ORY's architecture designed to run best on a Container Orchestration Systems such as Kubernetes, CloudFoundry, OpenShift, and similar projects.
+Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating
+systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...).
+
+### ORY Kratos: Identity and User Infrastructure and Management
 
+[ORY Kratos](https://github.com/ory/kratos) is an API-first Identity and User
+Management system that is built according to
+[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy).
+It implements core use cases that almost every software application needs to
+deal with: Self-service Login and Registration, Multi-Factor Authentication
+(MFA/2FA), Account Recovery and Verification, Profile and Account Management.
+
+### ORY Hydra: OAuth2 & OpenID Connect Server
+
+[ORY Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and OpenID Connect
+Provider can connect to any existing identity database (LDAP, AD, KeyCloak, PHP+MySQL, ...)
+and user interface.
+
+### ORY Oathkeeper: Identity & Access Proxy
+
+[ORY Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust
+Identity & Access Proxy (IAP) with configurable authentication, authorization,
+and request mutation rules for your web services: Authenticate JWT, Access Tokens,
+API Keys, mTLS; Check if the contained subject is allowed to perform the request;
+Encode resulting content into custom headers (`X-User-ID`), JSON Web Tokens
+and more!
+
+### ORY Keto: Access Control Policies as a Server
+
+[ORY Keto](https://github.com/ory/keto) is a policy decision point. It uses a
+set of access control policies, similar to AWS IAM Policies, in order to
+determine whether a subject (user, application, service, car, ...) is authorized
+to perform a certain action on a resource.
 <!--END ECOSYSTEM-->
 
+
 ### Examples
 
 The [ory/examples](https://github.com/ory/examples) repository contains numerous examples of setting up this project and combining it with other services from the ORY Ecosystem.

SECURITY.md

@@ -1,20 +1,28 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+**Table of Contents**  *generated with [DocToc](https://github.com/thlorenz/doctoc)*
+
+- [Security Policy](#security-policy)
+  - [Supported Versions](#supported-versions)
+  - [Reporting a Vulnerability](#reporting-a-vulnerability)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
 # Security Policy
 
 ## Supported Versions
 
-We release patches for security vulnerabilities.
-Which versions are eligible receiving such patches
-depend on the CVSS v3.0 Rating:
+We release patches for security vulnerabilities. Which versions are eligible
+receiving such patches depend on the CVSS v3.0 Rating:
 
-| CVSS v3.0  | Supported Versions                        |
-| ---------- | ----------------------------------------- |
-| 9.0-10.0   | Releases within the previous three months |
-| 4.0-8.9    | Most recent release                       |
+| CVSS v3.0 | Supported Versions                        |
+| --------- | ----------------------------------------- |
+| 9.0-10.0  | Releases within the previous three months |
+| 4.0-8.9   | Most recent release                       |
 
 ## Reporting a Vulnerability
 
 Please report (suspected) security vulnerabilities to
-**[security@ory.sh](mailto:security@ory.sh)**. You will receive
-a response from us within 48 hours. If the issue is confirmed,
-we will release a patch as soon as possible depending on complexity
-but historically within a few days.
+**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from
+us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible depending on complexity but historically within a few days.