[
https://issues.apache.org/jira/browse/WHIMSY-54?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951929#comment-15951929
]
Sam Ruby commented on WHIMSY-54:
--------------------------------
I'm confused. HTTPD does the initial auth, and HTTPD is configured via puppet,
hence the configuration in infrastructure_puppet.
Some apps have additional authentication requirements. For example, the board
agenda tool: it is accessible by both officers and members - something that
isn't directly supported by HTTPD. So the board agenda too is configured to
require committers on HTTPD, and the board agenda tool will apply additional
filters. In fact, the board agenda tool will allow access by invited guests
that aren't officers or members; inclusion in the roll call is sufficient to
provide access.
Other portions of the URL space (for example, the board/minutes) are open to
all.
Perhaps this could be documented better?
> Re-organise auth. by TLD?
> -------------------------
>
> Key: WHIMSY-54
> URL: https://issues.apache.org/jira/browse/WHIMSY-54
> Project: Whimsy
> Issue Type: Improvement
> Reporter: Sebb
>
> Various parts of Whimsy require auth.
> At present this is done per app, which results in quite a complicated scheme.
> Also the auth conf is held in puppet whereas the app is in the Whimsy repo,
> so it's tricky to relate them.
> When adding a new app, the puppet config has to be updated as well.
> This can easily be overlooked.
> Maybe we should just use auth at the top level directory?
> This might require some apps to be moved, but would be much simpler to
> maintain going forward.
> The following levels are used currently:
> None
> ASF Committers
> ASF Members and Incubator PMC
> ASF Members and Officers
> ASF Members
> ASF Secretarial Team
> This suggests the following directories as a minimum:
> committers
> incubator
> officers
> members
> secretary
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
