Quack, On 06/17/2016 04:55 PM, Barak Korren wrote:
> As long as we allow more then one provider, and also allow for some free > ones like Fedora its not bad at all IMO. And it has the nice benofit of > not having to secure any user credential database on our infra. It's not bad, just better to have choice not to rely on them if you (as a user) wish IMO. Also I though having a direct compatibility with MM2 would ease transition (as pointed out by Evgheni), but this is not an option right now. > We've been using that approach on oVirt Gerrit forever, and are looking > at ways to expand it to other parts of the infra. Forever is irrelevant. If it suits the projects' needs in the contrary, then let's do this way. > Long term we would probaly like all authentication done against > prividers via some sort of an sso layer, while authorization will be > based on group assignments in Gerrit. Maybe freeipa could help building this. I think Misc as more experience with this; he could probably give some advice. So as for now: - Google OAuth: enabled but not working yet, waiting to have access to data to create the API credentials - Fedora: works well, tested with Misc's account - Persona: works well - OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to be entered manually, so maybe the page could be tweaked to have links like in Gerrit Would it be sufficient to begin with? I think we should warn users they would need to have their email address registered on some provider if not already done (in the announcement). \_o<
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Infra mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/infra
