This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --IULdavU1ggjkj6HqLT3HatPBtc5OtUGPl Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Quack, On 06/17/2016 04:55 PM, Barak Korren wrote:
As long as we allow more then one provider, and also allow for some fre= e ones like Fedora its not bad at all IMO. And it has the nice benofit of=
not having to secure any user credential database on our infra.
It's not bad, just better to have choice not to rely on them if you (as a user) wish IMO. Also I though having a direct compatibility with MM2 would ease transition (as pointed out by Evgheni), but this is not an option right n= ow.
We've been using that approach on oVirt Gerrit forever, and are looking=
at ways to expand it to other parts of the infra.
Forever is irrelevant. If it suits the projects' needs in the contrary, then let's do this way.
Long term we would probaly like all authentication done against prividers via some sort of an sso layer, while authorization will be based on group assignments in Gerrit.
Maybe freeipa could help building this. I think Misc as more experience with this; he could probably give some advice. So as for now: - Google OAuth: enabled but not working yet, waiting to have access to data to create the API credentials - Fedora: works well, tested with Misc's account - Persona: works well - OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to be entered manually, so maybe the page could be tweaked to have links like in Gerrit Would it be sufficient to begin with? I think we should warn users they would need to have their email address registered on some provider if not already done (in the announcement). \_o< --IULdavU1ggjkj6HqLT3HatPBtc5OtUGPl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXaQVvAAoJEFXp+fesHEQ/VkkP/RpOeoOVNKyYRckaiTk73Jso 4rCwgi6puA2YyZ1pMx/hXSN1HnbgVsoSbqs7an5vMIT4MBFLVgkM1L8t86GUTAOP b/otW2nr8l+yeDWKrb3mA5Hg/0QRcdVn2sGcbPtKvxfq84O3VFZishe+8k9qGzHS HvGyHhi/aZ1/Jnf1xAmRv3oyx6dQFVVT+Ri5CQ4Hv8m1lTnAm5DbUi/KYhqp0nwB 4ikN8SioTpdi614Wqjbn3mfQbMFNInYYE0mv8+7Y7AbXobczcFm7ueYbhVBPCKYD onADP0FA2xgVJ57tW1nvvj4SS+wlmDQe7T6z978BbjmRXemcOUqgoyyGY46GsAAE z602CmC0D8EolxEjJ8TzAQIiZgdg00pk9Efi2rtJSzsMrv9SgynHUsqmn5dB8e5f QDPm+5Bd+cxGmqBgknSMBLyo8jGV0h+GdPAR26RgP4K9uQ0wOcy7ekB6M3JQcAAe 5d/c2TCrPImJeihSPM/pHLf+B+VZ7FDWEmPvrrttVmRoDUN3bOmMDnJzIO7jQvRQ eW8pEmzSV1q7zzf1eGZPkIXY633YlZSbiVoC3ECg875Jlv3qGybp03v5fhDEzxc4 /u5cD796LI7Ekcx2XFWgAMhfxTfEd4Exc/DS0w3PXw+Iyyhnj0/iI6ujsCjrymDC 3gZSXETnOO390NZTgTqm =YIUL -----END PGP SIGNATURE----- --IULdavU1ggjkj6HqLT3HatPBtc5OtUGPl--