TL;DR Should we be allowed to create mozilla.org email aliases to manage OAuth2 accounts associated with Mozilla projects?

(Not sure if this is appropriate for governance, but it is all we could think of)

One issue that we are facing more and more is that modern authentication methods, particularly OAuth2, are forcing us to open accounts at service providers linked to email accounts in order for our applications to access those providers. Within Thunderbird and related projects, we have at least the following OAuth2 accounts:

1) Google Calendar
2) Twitter (separate accounts for Thunderbird chat as well as Instantbird chat)
3) Box.com for Thunderbird filelink
4) Gaia email has a GMail account

Related: there is an address [email protected] which is the owner of the official Mozilla Thunderbird Twitter feed.

We are also in the process of releasing OAuth2 for Gmail in Thunderbird, and face the issue of what email address to link to that?

Essentially that email account owner also owns the relationship between the provider (Google, Box, Twitter) and the relevant Mozilla application.

In the past, individuals have set up these accounts with their own emails, either personal or in some cases individual mozilla.org email accounts. For example, I recently set up a login page for GMail to be used with Thunderbird using my gmail email address. That email address is visible within the Google permissions page if you click on a particular information link. Also from my experience, the email address associated with an account is hard or impossible to change.

It seems to me a better approach to handling these service accounts would be to set up an alias at mozilla.org that could serve as the visible email owner of an OAuth2 account, as well as receive the emails associated with the account that could manage, for example, password resets. As people come and go though, the alias could be changed to point to the correct current project owner in an organized manner using authority structures under Mozilla control.

Is there likely to be any resistance to setting up these accounts with mozilla.org email addresses for community-driven projects? Who is in charge of this whole process? Is there any policy around the creation of mozilla.org accounts as official-sounding email links for official Mozilla projects?

We would like to create an alias [email protected] that would have an associated Google developer account, that would serve as the owner of the Thunderbird GMail OAuth2 account.

Or is this a non-issue and I should just file a bug to create the account?

R Kent James
Chair, Thunderbird Project
_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
