TL;DR Should we be allowed to create mozilla.org email aliases to manage
OAuth2 accounts associated with Mozilla projects?
(Not sure if this is appropriate for governance, but it is all we could
think of)
One issue that we are facing more and more is that modern authentication
methods, particularly OAuth2, are forcing us to open accounts at service
providers linked to email accounts in order for our applications to
access those providers. Within Thunderbird and related projects, we have
at least the following OAuth2 accounts:
1) Google Calendar
2) Twitter (separate accounts for Thunderbird chat as well as
Instantbird chat)
3) Box.com for Thunderbird filelink
4) Gaia email has a GMail account
Related: there is an address [email protected] which is the owner
of the official Mozilla Thunderbird twitter feed.
We are also in the process of releasing OAuth2 for Gmail in Thunderbird,
and face the issue of what email address to link to that?
Essentially that email account owner also owns the relationship between
the provider (Google, Box, Twitter) and the relevant Mozilla application.
In the past, individuals have setup these accounts with their own
emails, either personal or in some cases individual mozilla.org email
accounts. For example, I recently setup a login page for GMail to be
used with Thunderbird using my gmail email address. That email address
is visible within the Google permissions page if you click on the a
particular information link. Also from my experience, the email address
associated with an account is hard or impossible to change.
It seems to me a better approach to handling these service accounts
would be to setup an alias at mozilla.org that could serve as the
visible email owner of an OAuth2 account, as well as receive the emails
associated with the account that could manage, for example, password
resets. As people come and go though, the alias could be changed to
point to the correct current project owner in an organized manner using
authority structures under Mozilla control.
Is there likely to be any resistance to setting up these accounts with
mozilla.org email addresses for community-driven projects? Who is in
charge of this whole process? Is there any policy around creating of
mozilla.org accounts as official-sounding email links for official
Mozilla projects?
We would like to create an alias [email protected] that
would have an associated Google developer account, that would serve as
the owner of the Thunderbird GMail OAuth2 account.
Or is this a non-issue and I should just file a bug to create the account?
R Kent James
Chair, Thunderbird Project
_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
