Subject: Re: Centralised authentication/authorisation
From: Upayavira
To: infrastructure-dev@apache.org
In-Reply-To: <492E796D.8080307@sharp.fm>
References: <55ef8e0d508559e7567041e44f6c61d5.squirrel@mail.pc-tony.com> <1227779504.22393.80.camel@urgyen> <492E796D.8080307@sharp.fm>
Date: Thu, 27 Nov 2008 12:00:07 +0000
Message-Id: <1227787207.22393.93.camel@urgyen>

On Thu, 2008-11-27 at 12:41 +0200, Graham Leggett wrote:
> Upayavira wrote:
>
> > The biggest issue that I do not yet see resolved is that of username
> > namespaces.
> >
> > Currently, we have a 'committer' namespace, names are allocated, by
> > root, based upon requests from the new committer, when their Apache
> > account is created.
> >
> > If we go to an LDAP setup that covers non-committers too, then we have
> > to expand our namespace handling to cover names that non-committers might
> > choose.
> >
> > And, we need to work out a way to handle the transition from
> > non-committer to committer, in the (likely) case that that involves a
> > change in username.
> >
> > Otherwise, we could get folks snapping up all the best names in the
> > @apache.org namespace in the hope that they may one day become a
> > committer, rather than having a name selected for them at the point at
> > which their account is created.
>
> I generally approach this by using an email address as the account
> identifier.
>
> When at some future date a user warrants committership, they get a uid
> attribute added as appropriate.

This starts to get us closer.

SVN would of course authenticate against the UID, but that is fine, as it is only relevant to committers. Likewise shell access on people.apache.org.

Jira, Confluence, Bugzilla should all be able to accept an email address as their unique ID.

Moin however will not accept an email address (alphanumeric only), so we'd need to work something else out there (simply strip @ and . from the email address??)

Upayavira
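
Added example, not part of the original message and not Moin or ASF code: it shows that dropping `@` and `.` from an email address maps distinct addresses to the same alphanumeric name, and contrasts that with a reversible escape encoding. The sample addresses, the function names and the `X` escape scheme are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample addresses, chosen to differ only in where '@' and '.' sit.
SAMPLE_EMAILS = [
    "ab@c.example.org",
    "a.b@cexample.org",
    "a@bc.example.org",
    "jane.doe@example.com",
]

def strip_name(email):
    """The idea floated in the message: simply drop '@' and '.'."""
    return email.replace("@", "").replace(".", "")

def encode_name(email):
    """Hypothetical alternative: ASCII letters and digits pass through,
    every other byte (and the escape letter 'X') becomes 'X' + two hex digits."""
    out = []
    for byte in email.encode("utf-8"):
        ch = chr(byte)
        if ch.isascii() and ch.isalnum() and ch != "X":
            out.append(ch)
        else:
            out.append("X%02x" % byte)
    return "".join(out)

def decode_name(name):
    """Inverse of encode_name; its existence is what rules out collisions."""
    raw = re.sub(r"X([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), name)
    return raw.encode("latin-1").decode("utf-8")

def collisions(emails, mapper):
    """Group addresses by derived name and keep names claimed more than once."""
    groups = defaultdict(list)
    for email in emails:
        groups[mapper(email)].append(email)
    return {name: owners for name, owners in groups.items() if len(owners) > 1}

if __name__ == "__main__":
    print("strip :", collisions(SAMPLE_EMAILS, strip_name))
    print("encode:", collisions(SAMPLE_EMAILS, encode_name))
    for email in SAMPLE_EMAILS:
        print(email, "->", encode_name(email))
```

With the stripping rule, whoever registers first owns the derived name for every address that collapses to it, so the wiki identity can no longer be tied back to a single LDAP entry.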