Git Product home page Git Product logo

cass's Introduction

CaSS

Competency and Skills Service -- Competency Management

Release Candidate: 1.5.60 Build Status
Supported: 1.4 Build Status
Supported: 1.3 Build Status
Supported: 1.2 Build Status

High level documentation
Developer documentation

Purpose of this Document

This document is intended to act as a technical guide to the installation of CaSS.

This installation of CaSS will provide several components that operate to provide a working system. It is composed of:

  • The CaSS Repository, a Java application that runs in a Servlet Container, such as Tomcat.
  • The CaSS Library, a Javascript library that provides an interoperability layer between web applications and the CaSS Repository.
  • CaSS Embeddable Apps, a set of iframeable applications for branded web applications.
  • CaSS Adapters, an adapter that interprets xAPI statements and asserts competence, and an adapter that synchronizes competencies and frameworks to and from Moodle.

CaSS Libraries

From GitHub

https://github.com/cassproject/cass-npm

NPM

https://www.npmjs.com/package/cassproject

Installation

Ubuntu/Fedora Linux:

wget https://raw.githubusercontent.com/cassproject/CaSS/master/scripts/cassInstall.sh
chmod +x cassInstall.sh
sudo ./cassInstall.sh

During the installation, you will be asked to select a version to install. Versions are listed at the top of this document.

Docker

Docker images for standalone instances (based on Ubuntu) and distributed/scalable instances (based on Alpine Linux) can be found at:

https://hub.docker.com/r/cassproject/cass

Post Installation

To support open linked data, it is important that the objects created in CaSS have public, reliable URLs. For this:

  • Assign this server a domain name.
  • Enable HTTPS.
  • (Optional) Use a reverse proxy to control the endpoint closely.

Running Locally

After cloning this repository (ensure you use git clone with --recurse-submodules!), you can run CaSS locally.

Dependencies: Docker (will pull and run elasticsearch on port 9200)

Getting things up and running

  • git clone --recurse-submodules -b <branch> https://github.com/cassproject/CASS - Get the code.
  • npm i - Install dependencies.
  • npm run dev - Starts server, restarts server on-save.

In a separate command line, if you want unit tests:

  • npm run automocha - Runs both cass-npm and cass unit tests, runs them again on-save.
  • npm run automochafast - Runs cass unit tests, runs them again on-save.
  • npm run mocha - Runs cass-npm and cass unit tests.
  • npm run mochafast - Runs cass unit tests.

Generating documentation

Will be deposited in /docs

  • npm run docs

Running in myriad environments (requires Docker)

Where flavors are: ubuntu16, ubuntu18, ubuntu20, ubuntu18:13to15, standaloneWindows, standalone, testReplication

  • npm run buildRun:<flavor> - Wipes previous test container, builds and starts flavor container.
  • npm run buildRun:kill - Stops the running container.

Running it like it's in prod

  • npm run run:cassbase - Starts PM2 on localhost:8080/cass (used by cassInstall.sh)
  • npm run run:standalone - Starts PM2 on localhost/ (used by Docker installs)
  • npm run run - Starts PM2 on localhost:8080/
  • npm run logs - Tails logs.
  • npm run stop - Stops all PM2 services.

To get the process to restart when your linux machine restarts, run npm run pm2startup, run the command the process tells you to, and run npm run pm2save. For Windows, an additional library is needed to configure this.

A note on Elasticsearch and 1.5

Due to the performance improvements in the 1.5 version of CaSS, we highly recommend using Elasticsearch 7 with it as it's better configured to handle the load than previous versions.

Release Process

  • npm upgrade --save Review dependencies, autocomplete version numbers
  • Increment version number in package.json and src/main/swagger.json and docker-compose*.yml
  • Increment elasticsearch version number (in Dockerfile and docker-compose) to latest minor/revision in docker/standalone/DockerFile (https://hub.docker.com/_/elasticsearch)
  • Update src/main/webapp to point at the appropriate gh-pages commit.
  • npm install
  • npm run testWithCoverage
  • In another command window, npm run test:mocha - Must not fail any tests.
  • In another command window, npm run openapi:validate - Must not fail any tests.
  • In the command window running testWithCoverage, ctrl+c. Record the output of the code coverage for the tests in codeCoverage.md.
  • Update CHANGELOG.md
  • Update README.md
  • Run npm run buildRun:standaloneTest to ensure the container can build.
  • docker scout cves cass-test > scan-standalone.txt
  • Use Docker Desktop or the previous output to resolve any high or medium priority (6.0 CVSS and above) issues.
  • In another command window, npm run test:mocha - Must not fail any tests.
  • Run docker-compose up --build to ensure the container can build.
  • docker scout cves cass-cass > scan-node.txt
  • Use Docker Desktop or the previous output to resolve any high or medium priority (6.0 CVSS and above) issues.
  • In another command window, npm run test:mocha - Must not fail any tests.
  • Commit with release notes.
  • Tag commit with version number.

FIPS:

FIPS is supported both client-side and server-side in CaSS. Here is the relevant compatibility table.

Sources: https://www.openssl.org/blog/blog/2023/05/29/FIPS-3-0-8/

--> Server --> < 1.5.35 >= 1.5.35 with
OpenSSL 3.0.8 and
--force-fips
>= 1.5.35 with
OpenSSL 3.0.8 and
--force-fips and
env REJECT_SHA1=true
Client/Library
< 1.5.35 SHA-1 (no FIPS) SHA-1 (Verify only) Incompatible
< 1.5.35 and
OpenSSL 3.0.8 and
env FIPS=true
SHA-1 (partial FIPS) SHA-1 (Verify only) Incompatible
>= 1.5.35 SHA-1 (no FIPS) SHA-1 (Verify only*), SHA-256 (FIPS) SHA-256 (FIPS)
>= 1.5.35 and
env FIPS=true
SHA-1 (partial FIPS) SHA-1 (Verify only*), SHA-256 (FIPS) SHA-256 (FIPS)
>= 1.5.35 and
--force-fips
Incompatible SHA-256 (FIPS) SHA-256 (FIPS)

To get FIPS, it is recommended to use the docker container builds.

Partial FIPS means that we are still violating FIPS by using SHA-1 hashing. All other cryptographic operations are using the FIPS module.

Verify only uses the exception that permits SHA-1 verification but not generation.

Verify only* may fall back to SHA-1 verification if SHA-256 negotiation failed, but typically will not use SHA-1.

cass's People

Contributors

adl-trey avatar aleitat avatar brendon-stephens avatar dependabot-preview[bot] avatar dependabot[bot] avatar devlinjunker avatar floriantolk avatar gloverkari avatar ivanistheone avatar lomilar avatar miledivovic avatar otterlove avatar snyk-bot avatar torsten-simon avatar vbhayden avatar veden avatar whistlinjoe avatar woodkri avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

cass's Issues

Consider alternatives to the URL versioning scheme

RDF does not guarantee HTTP based retrieval mechanisms. Therefore, the effective method of creating redirects for HTTP requests to link from a typeless shortId or shortId (/data/ or /data//) to the @id (/data///) as links in data can cause issues.

This makes some CASS data incompatible with other RDF tools.

Expanding the scope of assertion processing.

Currently, assertion processing is scoped to understanding only competency assertions.
It is reasonable to recognize that individuals may be implied to be competent via the assertion of credentials, successful course completion, badges, etc.

Consider either automated processes that create artificial assertions based on rules regarding these other types of learning objects, or being able to interpret those assertions of credentials, badges, etc as assertions of competence of the competencies they assert.

Currently, some types of data that could be supported are:

  • In OpenBadges, an assertion may be made about an individual possessing a badge.
  • In xAPI, individuals complete learning activities (which include assessments).
  • In Caliper, Assessments and Assignables may be completed.
  • In CTDL, CredentialAssertions indicate an individual has a credential.

Licensing Issues

A number of open source licensed files have been copied into the project, but without following the licenses completely. For example, a number of files from forge are included, and you can find the license for forge here: https://github.com/digitalbazaar/forge/blob/master/LICENSE

Many of those files lack any licensing mention at all, such as: https://github.com/cassproject/CASS/blob/c7ad25089e93f10b77122a9df5456f0ec94766a9/src/webapp/cass.manager/forge/cipher.js

Others mention the licensing situation and link to the forge licensing file, but only reference it for themselves: https://github.com/cassproject/CASS/blob/master/src/webapp/cass.manager/forge/forge/ssh.js

However, the terms of the forge licenses aren't covered by just doing the latter, and are even less covered by doing the former. Since the CASS project is attempting to go Apache 2.0 for licensing, only the BSD license is viable. The BSD license requires that, in source code, the source code retain the license and the specific as-is clause. Files of either sort above do not.

Luckily this issue is fairly mild; it just gets more and more painful to fix the longer it goes unfixed.

One other licensing issue worth calling out is the inclusion of the LGPL'd json2xml code ( https://github.com/cassproject/CASS/blob/master/src/webapp/cass.example/js/vendor/json2xml.js ). That code is not compatible with the project's Apache 2.0 license ( http://www.apache.org/legal/resolved.html#category-x ).

There may be other licensing issues throughout, these are just ones that jumped out at me as I was looking through parts of the code. (Additionally, the structure of the code is going to make it difficult to update it as libraries change).

CTDL CSV import

Extend CSV import to translate from CTDL headers to CASS headers.

Node.js support for CASS js library

The JavaScript libraries for interacting with a CASS endpoint would be more useful if they could be run from within a non-browser JS environment such as Node. This is not currently the case. As the library is currently implemented, there are a couple of things in particular that are blocking this from being possible:

  • The scripts all share the global namespace and are not modular, so the only way to load them into node is to concatenate the files together and run that instead
  • The code makes use of browser primitives and DOM manipulation (global vars like document and window) as well as JQuery, which based on my limited knowledge does not appear to be very compatible with the Node environment.

Search Screen URL Param

When you go back to the search screen, the search parameters aren't re-used and are actually deleted. This might want to wait for the rollout of url parameter class in the ec ui framework

Improve/Fix RepoEdit

Copy button is broken
'Add Field' modal could be better
Delete needs a confirm
Add more types to change type list
'Add owner' button
Encryption/reader/privacy fixes

Explore credential assertions.

  • Should we advance assertions to include credential assertions?
  • What credential assertion models exist out there?
  • Which should we use?

Simplify ASN URLs

Please conform with the following API definition in order to achieve short URLs and fewer parameters:

/api/toAsn?id= --> /api/asn/ GET (use urlRemainder)
(URLs as Identifiers shouldn't have parameters)
/api/fromAsn --> /api/asn POST/PUT

Code to pull in to accept POST in LevrJS (shouldn't read from OS or URL params)

var file = fileFromDatastream.call(this,"multiPartPostName",null,"false");

Ubuntu 17.10 doesn't have Tomcat7 in the package manager, can't install CASS.

After Downloading CASS and starting the server on my machine I try to access http://localhost:8080/cass/cass.example/profile.html

However, before I even sign in, I get this error TypeError: me.usernameSalt is undefined

Closing this message takes me to the login page, where I try to create an account, only to get Remote Identity not configured. to pop up twice. and then just an empty profile, where all of the buttons prompt me to try and log in again.

I am using Ubuntu 17.10, and therefore had to update tomcat to tomcat8 if that makes any difference.

How do I fix this?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.