www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Centralised authentication/authorisation
Date Thu, 27 Nov 2008 12:19:45 GMT
On 27/11/2008, Upayavira <uv@odoko.co.uk> wrote:
> On Thu, 2008-11-27 at 12:41 +0200, Graham Leggett wrote:
>  > Upayavira wrote:
>  >
>  > > The biggest issue that I do not yet see resolved is that of username
>  > > namespaces.
>  > >
>  > > Currently, we have a 'committer' namespace, names are allocated, by
>  > > root, based upon requests from the new committer, when their Apache
>  > > account is created.
>  > >
>  > > If we go to an LDAP setup that covers non-committers too, then we have
>  > > to expand our namespace handing to cover names that non-committers might
>  > > choose.
>  > >
>  > > And, we need to work out a way to handle the transition from
>  > > non-committer to committer, in the (likely) case that that involves a
>  > > change in username.
>  > >
>  > > Otherwise, we could get folks snapping up all the best names in the
>  > > @apache.org namespace in the hope that they may one day become a
>  > > committer, rather than having a name selected for them at the point at
>  > > which their account is created.
>  >
>  > I generally approach this by using an email address as the account
>  > identifier.
>  >
>  > When at some future date a user warrants committership, they get a uid
>  > attribute added as appropriate.
>
>
> This starts to get us closer. SVN would of course authenticate against
>  the UID, but that is fine, as it is only relevant to committers.
>  Likewise shell access on people.apache.org.
>
>  Jira, Confluence, Bugzilla should all be able to accept an email address
>  as their unique ID. Moin however will not accept an email address
>  (alphanumeric only), so we'd need to work something else out there
>  (simply strip @ and . from the email address??)
>

However, Moin requires a valid e-mail address when registering (if
not, it should).

Hopefully, this could be used as the key when validating the user.

>  Upayavira
>
>
>
>
>

Mime
View raw message