Return-Path: 
 <infrastructure-dev-return-662-apmail-infrastructure-dev-archive=apache.org@apache.org>
Delivered-To: apmail-infrastructure-dev-archive@locus.apache.org
Received: (qmail 63877 invoked from network); 25 Nov 2008 11:02:09 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 25 Nov 2008 11:02:09 -0000
Received: (qmail 30430 invoked by uid 500); 25 Nov 2008 11:02:19 -0000
Delivered-To: apmail-infrastructure-dev-archive@apache.org
Received: (qmail 30345 invoked by uid 500); 25 Nov 2008 11:02:18 -0000
Mailing-List: contact infrastructure-dev-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:infrastructure-dev-help@apache.org>
List-Unsubscribe: <mailto:infrastructure-dev-unsubscribe@apache.org>
List-Post: <mailto:infrastructure-dev@apache.org>
List-Id: <infrastructure-dev.apache.org>
Reply-To: infrastructure-dev@apache.org
Delivered-To: mailing list infrastructure-dev@apache.org
Received: (qmail 29877 invoked by uid 99); 25 Nov 2008 11:02:16 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Nov 2008 03:02:15 -0800
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [61.9.168.152] (HELO nskntmtas06p.mx.bigpond.com)
 (61.9.168.152)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Nov 2008 11:00:48 +0000
Received: from nskntotgx01p.mx.bigpond.com ([121.215.243.70])
          by nskntmtas06p.mx.bigpond.com with ESMTP
          id
 <20081125110122.XSSB1809.nskntmtas06p.mx.bigpond.com@nskntotgx01p.mx.bigpond.com>
          for <infrastructure-dev@apache.org>;
          Tue, 25 Nov 2008 11:01:22 +0000
Received: from developer ([121.215.243.70]) by nskntotgx01p.mx.bigpond.com
          with ESMTP
          id <20081125110121.RIO3267.nskntotgx01p.mx.bigpond.com@developer>
          for <infrastructure-dev@apache.org>;
          Tue, 25 Nov 2008 11:01:21 +0000
From: "Gavin" <gavin@16degrees.com.au>
To: <infrastructure-dev@apache.org>
References: <55ef8e0d508559e7567041e44f6c61d5.squirrel@mail.pc-tony.com>
 <492B57AB.3010003@apache.org> <1227608308.9859.1857.camel@urgyen>
Subject: RE: Centralised authentication/authorisation
Date: Tue, 25 Nov 2008 21:01:21 +1000
Message-ID: <F1662BA63CA74608A1FE1272618C7188@developer>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <1227608308.9859.1857.camel@urgyen>
Thread-Index: AclO56zIOAppkWK7SPqKIi8//55PZwAA2AmQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Antivirus: avast! (VPS 081124-0, 24/11/2008), Outbound message
X-Antivirus-Status: Clean
X-RPD-ScanID: Class unknown;
 VirusThreatLevel unknown, RefID str=0001.0A150203.492BDB02.014C,ss=1,fgs=0
X-Virus-Checked: Checked by ClamAV on apache.org



> -----Original Message-----
> From: Upayavira [mailto:uv@odoko.co.uk]
> Sent: Tuesday, 25 November 2008 8:18 PM
> To: infrastructure-dev@apache.org
> Subject: Re: Centralised authentication/authorisation
> 
> On Tue, 2008-11-25 at 01:40 +0000, Tony Stevenson wrote:
> >
> > Tony Stevenson wrote:
> >
> > >
> > > A few people have helped start gathering requirements, and ideas here
> ->
> > >
> > > https://svn.apache.org/repos/asf/infrastructure/trunk/projects/ldap-
> project/
> > >
> >
> > I have just updated these a little.
> >
> >
> > Leading on from this, there are several steps that need to be
> > considered.  This primarily revolves around the schema design, and which
> > product(s) should be considered.
> >
> > Does anyone have any ideas how you think the schema should look? There
> > is an initial document in the SVN repo.
> >
> > What about the concepts of using Kerberos and/or certificated?
> 
> My one thought from browsing the proposed schema is that we have two use
> cases, committers and admins. Personally, at this point in time, I think
> we should be focussing on committers. That is where the scaling issues
> are. Adding Jack Black as root on hermes is a simple one off job that
> doesn't happen too often, so we can stick with our current scheme for
> the time being.
> 
> Providing a centralised authentication scheme for SVN, Jira, Bugzilla,
> Moin and Confluence will be enough work as it is!

Confluence and Jira *shouldn't* be that hard. It already supports LDAP
either directly or via Crowd (Crowd delegates to LDAP/AD).

See :-

http://confluence.atlassian.com/display/DOC/Add+LDAP+Integration

and

http://www.atlassian.com/software/jira/docs/v3.13/ldap.html

However, I'd need to look at these more closely, the Jira LDAP method uses
their osuser method still in the latest Jira release, yet Confluence uses a
different 'atlassian-user' method and marks the 'osuser' method as
deprecated, so a conflict in terms of design I'd like to investigate more,
though I'm sure if each is individually configured wont pose a problem.

Personally, I'd like to see Crowd used for Confluence & Jira and then let
Crowd delegate to LDAP.

I'd go even further than that and suggest we apply for Jira Studio - which
combines Jira/Confluence/Fisheye/Crucible/Crowd (and Subversion) .

http://www.jira.com/tour/

The only ones out of that pack we don't use are Crowd and Crucible, Fisheye
some projects use off site.

Gav...(dons flack jacket)

> 
> Upayavira
>