
Re: Salsa as authentication provider for Debian



On Mon, Apr 6, 2020 at 11:58 PM Bastian Blank <waldi@debian.org> wrote:
[...]
> ## High-level plan
>
> - Salsa becomes primary source of user info and authentication for secondary
>   services via OpenID Connect (OAuth2), for both DDs and non-DDs, replacing
>   sso.debian.org.
> - Salsa allows user renames and drops namespace rules for users (i.e., no more
>   requirement for -guest suffix).
> - nm.debian.org uses Salsa usernames by default to populate LDAP usernames when
>   creating accounts, and stores OIDC subject to strongly correlate between
>   Salsa and Debian LDAP users.
>
> ## Fixed problems
>
> - We get a user source everyone can use both as service provider and user.
> - Users can rename themselves before becoming DDs, and retain all information
>   both on Salsa and on other services. This also works while transitioning
>   between non-DD and DD, and back.
>

1. Can you still keep the "-guest" enforcement, so it's still easy to
recognize who is DD or not on salsa?
2. For the transition between non-DD and DD, could a Salsa admin rename the
username on request?

For 1, I think it doesn't make the original plan more complicated.
For 2, I think it doesn't either, as you already plan to support renaming.

-- 
Shengjing Zhu
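
The quoted plan's point about storing the OIDC subject so that renames do not break the Salsa-to-LDAP correlation, as an added example that is not part of the original message or of any Salsa or nm.debian.org code. The issuer URL, subject values, usernames and class names are constructed for illustration, and the claims are assumed to come from an ID token whose signature and audience were already verified.

```python
# Added illustration: link accounts by OIDC (iss, sub), never by username.
# Issuer URL, subject values and usernames below are constructed samples.
from dataclasses import dataclass

ISSUER = "https://salsa.example.invalid"  # placeholder issuer (assumption)


@dataclass
class LinkedAccount:
    ldap_uid: str          # identity on the LDAP side
    display_username: str  # last username seen from the provider; cosmetic only


class AccountLinks:
    """Maps the immutable (iss, sub) pair from an ID token to a local account."""

    def __init__(self):
        self._by_subject = {}

    def link(self, claims, ldap_uid):
        key = (claims["iss"], claims["sub"])
        if key in self._by_subject:
            raise ValueError("subject already linked")
        self._by_subject[key] = LinkedAccount(ldap_uid, claims["preferred_username"])

    def resolve(self, claims):
        """Return the linked account for already-validated claims, or None."""
        if claims.get("iss") != ISSUER:
            return None  # token from an unexpected issuer
        account = self._by_subject.get((claims["iss"], claims.get("sub")))
        if account is not None:
            # A rename on the provider only updates the cosmetic field.
            account.display_username = claims.get(
                "preferred_username", account.display_username)
        return account


def demo():
    links = AccountLinks()
    # A contributor first seen under a "-guest" name.
    links.link({"iss": ISSUER, "sub": "1001",
                "preferred_username": "alice-guest"}, "alice")
    # Same person after renaming: same sub, new username.
    renamed = links.resolve({"iss": ISSUER, "sub": "1001",
                             "preferred_username": "alice"})
    # A different person who later registers the freed-up old name.
    squatter = links.resolve({"iss": ISSUER, "sub": "2002",
                              "preferred_username": "alice-guest"})
    return renamed, squatter
```

A relying service that matched on `preferred_username` instead would hand the second subject the first user's account once the old name became available again.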

