Plans
This may begin with prose, and expand into something like a project plan at some point. This need not be a complete schedule, but it will make sense to include the steps and approaches, milestones, etc.
Dependencies
As mentioned in the description of Nuxeo and the Nuxeo Analysis, the Nuxeo framework incorporates support for both authentication (AuthN) and authorization (AuthZ).
As a minor form of advance preparation for the possibility, however remote, that the Services Team may encounter issues - such as documentation shortcomings, implementation difficulties, or missing capabilities - in this support, one widely and favorably discussed alternative in the Java security frameworks space appears to be:
- JSecurity.
JSecurity is billed on its About page as "extremely easy to use and understand. An evaluating developer should grasp all the fundamentals within 10 minutes." It is "POJO and interface based ... you can use it in any pojo container, servlet container, J2EE application server, or standalone application out of the box." This framework is licensed under an Apache 2.0 license, which may potentially be compatible with CollectionSpace licensing requirements.
Test Plan
This should describe how the new service implementation will be tested. The testing here could include white box style test, unit test, and/or integration tests.