I've been hammering my head against the problem of registering and authenticating Jenkins Essentials instances all week (and boy does my head hurt!) but now, after 6pm on Friday evening, do I feel like I have a design/concept worth soliciting feedback on.
Since there's so much context and detail necessary, I went ahead and wrote the
majority of the JEP document here:
https://github.com/rtyler/jep/tree/essentials-registration/jep/0000
I'm not sure how familiar this topic area is to many Jenkins contributors, so
I'm also asking for feedback off-list from colleagues of mine from previous
jobs where we built similar systems with similar requirements. If you have
similarly skilled colleagues or security professionals you work with, I would
appreciate you asking for their thoughts if they have the time as well.
The local prototype code I have for this is so gnarly and embarrassing that I'm
not going to show you all just yet :) But suffice it to say, the approach
generally works, just needs more tests ;)
Cheers
- R. Tyler Croy
------------------------------------------------------
Code: <https://github.com/rtyler>
Chatter: <https://twitter.com/agentdero>
xmpp: [email protected]
% gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
------------------------------------------------------
--
You received this message because you are subscribed to the Google Groups
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-dev/20180324020555.p26pfpln3j722m5r%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
