<html><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">Hey all - <br>
<br>
Just wanted to add a little clarity to this so that the rest of the
Infra team is up to speed about how we got here. OAuth2 was included as
part of OpenStackID for this exact reason. <span>As you all know OpenID
has limited standard claims
(<a class="moz-txt-link-freetext" href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims</a>),
which didn't seem to meet the long term needs of the community. As a
result, our original proposal was to use OpenID Connect since it
hadOAuth baked in. </span><span>Since that was a no go from the Gerrit
side, we ultimately pursued
OpenID + OAuth2 so we could have similar functionality, even if the lift
was a little heavier. </span><br>
<br>
The idea is that ultimately you'll be able to share pieces of
information across the many OpenStack properties (e.g. the last Gerrit
commit, # of commits per user, profile picture, CLA signature, messages
to encourage members to vote, etc..) In the end, this is meant to
connect all of the properties through a single OpenStackID and allow for
greater data sharing amongst them. <br>
<br>
Thanks and please let me know if you have further questions or concerns.<br>
<br>
<span>-- <br><span><div style="color: rgb(136, 136, 136); margin-right:
24px;" __pbrmquotes="true" class="__pbConvBody"><span style="color:
rgb(0, 0, 0);">Jimmy McArthur / </span><a style="color: rgb(0, 0, 0);"
moz-do-not-send="true" href="http://Tipit.net">Tipit.net</a><span
style="color: rgb(0, 0, 0);"> < </span><a style="color: rgb(0, 0,
0);" moz-do-not-send="true" href="mailto:jimmy@tipit.net">jimmy@tipit.net</a><span
style="color: rgb(0, 0, 0);">></span><br>
m: 512.965.4846</div>
<br>
</span></span><br>
<br>
<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:CAMwrYFHD7C9Wprt6rWz10CNJfT6s7wj0NWeuppdhXLUFGftTKw@mail.gmail.com"
type="cite">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="display:table;width:100%;border-top:1px solid
#EDEEF0;padding-top:5px"> <div
style="display:table-cell;vertical-align:middle;padding-right:6px;"><img
photoaddress="marton.kiss@gmail.com" photoname="Marton Kiss"
src="cid:part1.08040406.06060201@tipit.net"
name="compose-unknown-contact.jpg" height="25px" width="25px"></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a moz-do-not-send="true" href="mailto:marton.kiss@gmail.com"
style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;">Marton Kiss</a></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;">
<font color="#9FA2A5"><span style="padding-left:6px">November 18, 2014
at 9:22 AM</span></font></div></div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px;"
__pbrmquotes="true" class="__pbConvBody"><div dir="ltr">Hi All,<div><br></div><div>I
want to replace the groups portal authentication mechanism from openid
to oauth2, because the actual openid implementation not supports
retrieval of profile picture urls. The side-effect of the migration that
OpenStackID enforce using SSL for oauth2 communication. So we need to
issue an x509 ssl cert for <a moz-do-not-send="true"
href="http://groups.openstack.org">groups.openstack.org</a> and <a
moz-do-not-send="true" href="http://groups-dev.openstack.org">groups-dev.openstack.org</a>
domains, and need to add SSL based vhosts to Apache webserver. I'll
prepare the required apache system-config changes.</div><div><br></div><div>I've
added a blueprint for this at openstack-ci launchpad:</div><div><a
moz-do-not-send="true"
href="https://blueprints.launchpad.net/openstack-ci/+spec/groups-oauth2-authentication">https://blueprints.launchpad.net/openstack-ci/+spec/groups-oauth2-authentication</a><br></div><div><br></div><div>Brgds,</div><div>
Marton Kiss</div></div>
<div>_______________________________________________<br>OpenStack-Infra
mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:OpenStack-Infra@lists.openstack.org">OpenStack-Infra@lists.openstack.org</a><br><a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra</a><br></div></div>
</blockquote>
<br>
<div class="moz-signature"><br>
</div>
</body></html>