Thibault Martin commented:


In my understanding we need to have three "trust levels" regarding our
infrastructure:

* Anonymous - no account created
* Community - people who have created an account, but are not part of the 
Foundation
* Foundation - foundation members

We also need a list of all the services (not only applications, but the service 
provided) we provide, and map the trust level we have for each.

A silly example:

| Application | Anonymous | Community | Foundation |
| ----------- | --------- | --------- | ---------- |
| Gitlab      | Nothing   | Create repos | Create repos |
| Nextcloud Files | Nothing | 0GB quota | 1GB quota  |
| Nextcloud Office | Nothing | Read documents shared | Create and share |
| Rocket Chat | Nothing   | Chat      | Create channels |
| Discourse   | Read topics | Create topics | Create topics |

I think @averi could provide a list of the apps we host, and I can certainly 
make it a list of services we provide. That would be the very first step.

If we had unlimited time and people to work on this I’d draft the following 
roadmap:

1. For each application we have, check if we can bind an existing local account
to an LDAP account
1. Set up an SSO to allow user-friendly workflows with self-service registration
and password reset
1. Communicate on our different services to ask non-LDAP users to register for
a "GNOME Community Account" and link to the table as above so they understand
what such an account will bring them; and announce that non-LDAP accounts will
not allow them to be used anymore
1. Close registration on all the services except through the SSO
1. Give users a way to reconcile their local accounts with their new LDAP
account (which, to be scaled, must be automatable, which probably means some
development should be carried out)
1. Make all our hosted services exclusively use either the SSO (recommended) or
the LDAP (if SSO not available)

Its feasibility depends on the time Andrea and Bart have.

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.gnome.org/Infrastructure/Infrastructure/-/issues/433#note_953031