On 18-05-2020 18:42:24 -0700, Alec Warner wrote:
> TL;DR: What if we launched id.gentoo.org[1], an identity provider that provides
> authentication for Gentoo properties? Basically, 1 username / password for wiki,
> bugs, email, forums, and any other http service[0][1].

I'd be in favour of SSO for all http-, imap- and smtp-based Gentoo services.

Thanks,
Fabian
|
>
> Today Gentoo has numerous systems that mostly work in a segmented way.
>
> - To connect to hosts, we use ssh keys.
> - Git is authenticated via ssh keys.
> - Email uses LDAP passwords.
> - Bugzilla has its own identities, with their own passwords.
> - Wiki is separate, with its own passwords.
> - Forums are separate.
> - Infra has an additional 4 systems that use separate credentials.
>
> Some applications support 2FA (such as wiki.)
> Some applications do not support 2FA.
> Applications that require 2FA have a configuration for each app, so you have N
> configurations.
>
> If we configured id.gentoo.org[2] you would have 1 identity across all gentoo
> properties.
>
> Is this a thing people are interested in?
>
> [0] It's unlikely operations for git via ssh would change in this rollout.
> [1] It's unclear if the scope is "gentoo developers" or "any community member."
> The former have LDAP accounts and @gentoo.org[3] email addresses and so we can
> manage them easily; managing 1000s of other accounts in the IDP remains to be
> seen.
>
>
> References
> 1. http://id.gentoo.org
> 2. http://id.gentoo.org
> 3. http://gentoo.org
|
--
Fabian Groffen
Gentoo on a different level