Gentoo Archives: gentoo-dev

From: Alec Warner <antarus@g.o>
To: Gentoo Dev <gentoo-dev@l.g.o>
Subject: [gentoo-dev] RFC: Gentoo Identity Provider
Date: Tue, 19 May 2020 01:42:42
Message-Id: CAAr7Pr8pG9nd_r2aowpn8Vx1=FokhT=kn785H0iEXivHtpYfeQ@mail.gmail.com

TL;DR: What if we launched id.gentoo.org, an identity provider that
provides authentication for Gentoo properties? Basically, 1 username /
password for wiki, bugs, email, forums, and any other http service[0][1].

Today Gentoo has numerous systems that mostly work in a segmented way.

 - To connect to hosts, we use ssh keys.
 - Git is authenticated via ssh keys.
 - Email uses LDAP passwords.
 - Bugzilla has its own identities, with their own passwords.
 - Wiki is separate, with its own passwords.
 - Forums are separate.
 - Infra has an additional 4 systems that use separate credentials.

Some applications support 2FA (such as wiki.)
Some applications do not support 2FA.
Applications that require 2FA have a configuration for each app, so you
have N configurations.

If we configured id.gentoo.org you would have 1 identity across all Gentoo
properties.

Is this a thing people are interested in?

[0] It's unlikely operations for git via ssh would change in this rollout.
[1] It's unclear if the scope is "gentoo developers" or "any community
member." The former have LDAP accounts and @gentoo.org email addresses and
so we can manage them easily; managing 1000s of other accounts in the IDP
remains to be seen.

Replies

Subject Author
Re: [gentoo-dev] RFC: Gentoo Identity Provider Fabian Groffen <grobian@g.o>
Re: [gentoo-dev] RFC: Gentoo Identity Provider "Michał Górny" <mgorny@g.o>
Re: [gentoo-dev] RFC: Gentoo Identity Provider Joonas Niilola <juippis@g.o>
Re: [gentoo-dev] RFC: Gentoo Identity Provider Lars Wendler <polynomial-c@g.o>