Hello,
the oauth2 part of our single signon system is in need of a team of
people to maintain it, and my experience so far has been that nobody
seems to understand oauth2[1].
I would like, in some future, to completely replace DACS with OAuth2 for
sso.debian.org, but I would not want that to happen until there are at
least three active people in Debian who actually know the protocol
inside out and have an interest in becoming comaintainers of the
sso.debian.org infrastructure[2].
Studying the protocol is probably more fun when done in a group, so this
looks like an idea for a DebConf Sprint[3].
Who would be interested in joining this?
(feel free to pass this on to other lists/irc channels/*)
Enrico
[1] I also don't understand oauth2, so I'm not one of the maintainers.
My impression is that currently there are no maintainers.
[2] since it is a security critical bit, I'd like there to be a team of
people who can make security assessments, and where peer review is
possible.
[3] http://lists.debconf.org/lurker/message/20150216.170544.11b6abc9.en.html
--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: Digital signature