TL;DR: What if we launched id.gentoo.org, an identity provider that
provides authentication for Gentoo properties? Basically, 1 username /
password for wiki, bugs, email, forums, and any other http service[0][1].

Today Gentoo has numerous systems that mostly work in a segmented way.

- To connect to hosts, we use ssh keys.
- Git is authenticated via ssh keys.
- Email uses LDAP passwords.
- Bugzilla has its own identities, with their own passwords.
- Wiki is separate, with its own passwords.
- Forums are separate.
- Infra has an additional 4 systems that use separate credentials.

Some applications support 2FA (such as wiki.)
Some applications do not support 2FA.
Applications that require 2FA have a configuration for each app, so you
have N configurations.

If we configured id.gentoo.org you would have 1 identity across all gentoo
properties.

Is this a thing people are interested in?

[0] It's unlikely operations for git via ssh would change in this rollout.
[1] It's unclear if the scope is "gentoo developers" or "any community
member." The former have LDAP accounts and @gentoo.org email addresses and
so we can manage them easily; managing 1000s of other accounts in the IDP
remains to be seen.