From: sebb
To: infrastructure-dev@apache.org
Date: Thu, 27 Nov 2008 12:19:45 +0000
Subject: Re: Centralised authentication/authorisation

On 27/11/2008, Upayavira wrote:
> On Thu, 2008-11-27 at 12:41 +0200, Graham Leggett wrote:
> > Upayavira wrote:
> >
> > > The biggest issue that I do not yet see resolved is that of username
> > > namespaces.
> > >
> > > Currently, we have a 'committer' namespace, names are allocated, by
> > > root, based upon requests from the new committer, when their Apache
> > > account is created.
> > >
> > > If we go to an LDAP setup that covers non-committers too, then we have
> > > to expand our namespace handling to cover names that non-committers might
> > > choose.
> > >
> > > And, we need to work out a way to handle the transition from
> > > non-committer to committer, in the (likely) case that that involves a
> > > change in username.
> > >
> > > Otherwise, we could get folks snapping up all the best names in the
> > > @apache.org namespace in the hope that they may one day become a
> > > committer, rather than having a name selected for them at the point at
> > > which their account is created.
> >
> > I generally approach this by using an email address as the account
> > identifier.
> >
> > When at some future date a user warrants committership, they get a uid
> > attribute added as appropriate.
> >
> This starts to get us closer. SVN would of course authenticate against
> the UID, but that is fine, as it is only relevant to committers.
> Likewise shell access on people.apache.org.
>
> Jira, Confluence, Bugzilla should all be able to accept an email address
> as their unique ID. Moin however will not accept an email address
> (alphanumeric only), so we'd need to work something else out there
> (simply strip @ and . from the email address??)
>

However, Moin requires a valid e-mail address when registering (if not,
it should). Hopefully, this could be used as the key when validating the user.

> Upayavira
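
Added example, not part of the original message or of any ASF code: it checks whether the "strip @ and ." mapping floated in the thread keeps wiki usernames unique, next to a reversible alphanumeric-only escape. The escape marker Z, the function names and the example.org addresses are assumptions made for illustration.

```python
import string
from collections import defaultdict

# Assumption: the wiki accepts only ASCII letters and digits in a username,
# as the thread says of Moin ("alphanumeric only").
ALNUM = set(string.ascii_letters + string.digits)
ESC = "Z"  # hypothetical escape marker, itself escaped when it appears

def strip_name(email):
    """The mapping floated in the thread: drop '@' and '.' from the address."""
    return email.replace("@", "").replace(".", "")

def escape_name(email):
    """Injective alternative: keep letters and digits, hex-escape every other byte."""
    out = []
    for byte in email.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if ch in ALNUM and ch != ESC else f"{ESC}{byte:02x}")
    return "".join(out)

def unescape_name(name):
    """Recover the original address from escape_name() output."""
    raw, i = bytearray(), 0
    while i < len(name):
        if name[i] == ESC:
            raw.append(int(name[i + 1:i + 3], 16))  # two hex digits follow the marker
            i += 3
        else:
            raw.append(ord(name[i]))
            i += 1
    return raw.decode("utf-8")

def collisions(emails, mapping):
    """Group addresses by mapped username; return only names claimed by more than one."""
    groups = defaultdict(list)
    for email in emails:
        groups[mapping(email)].append(email)
    return {name: owners for name, owners in groups.items() if len(owners) > 1}

# Constructed sample addresses (example.org is reserved for documentation).
SAMPLE = ["jo.smith@example.org", "josmith@example.org",
          "jo@smithexample.org", "Zed@example.org"]

if __name__ == "__main__":
    print("strip :", collisions(SAMPLE, strip_name))
    print("escape:", collisions(SAMPLE, escape_name))
```

With stripping, three different mailboxes end up as the same wiki account name; the escaped form stays alphanumeric and maps back to exactly one address.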