[OpenStack-DefCore] [Security] List Users in RefStack

Gema Gomez gema.gomez-solano at canonical.com
Wed Mar 16 17:02:27 UTC 2016


In my opinion, listing users should work as follows:

- Any user can list the users of the organizations (s)he belongs to.

What data to list? Full name+email+OpenID


- Any Foundation (super-admin) user should be able to list everyone, and
this should probably be a separate API call from the ones all users have
available.

What data to list? Full name+email+OpenID+Organizations


Cheers,
Gema

On 14/03/16 22:28, Catherine Cuong Diep wrote:
> The RefStack team would appreciate guidance and recommendation on the
> following:
> 
>  1. Should any RefStack authenticated user be able to list the users
>     registered in RefStack?
>       * If the answer is yes, which user information should be returned
>         (full name, email, OpenID)?
>  2. Or ONLY OpenStack Foundation members can list the users in RefStack?
> 
> 
> 
> _Background information:_
> 
>  1. When a user registers at RefStack, RefStack does not request any
>     user information input from the user. Instead, RefStack redirects
>     the registration process to OpenstackId Identity Provider (
>     https://openstackid.org/ ) and obtains three pieces of user
>     information ( full name, email, OpenID ) from the OpenstackId
>     Identity Provider.
>  2. OpenstackId Identity Provider ( https://openstackid.org/ ) treats
>     email as private information. You will not find email or OpenID
>     information on any member's public profile on
>     https://www.openstack.org/community/members/ . Furthermore, if you
>     look at your own profile on https://www.openstack.org/profile/ , you
>     will find that email information is listed under the "private
>     information" section.
>  3. Since OpenstackId Identity Provider is the source of the user
>     information of RefStack, RefStack should respect and not relax the
>     privacy policy set by its source.
> 
> 
> Note:
> The user information for _review.openstack.org_
> <http://review.openstack.org/> seems to be set in
> https://review.openstack.org/#/settings/web-identities and not from
> OpenstackId Identity Provider.
> 
> Catherine Diep
> RefStack Project PTL
> IBM Silicon Valley Laboratory, San Jose, California 95141
> cdiep at us.ibm.com, Tel: (408) 463-4352 T/L: 543-4352
> 
> 
> _______________________________________________
> Defcore-committee mailing list
> Defcore-committee at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/defcore-committee
> 


-- 
Gema Gomez-Solano        <gema.gomez-solano at canonical.com>
STS, QE                  https://launchpad.net/~gema
Canonical Ltd.           http://www.canonical.com
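
The listing rule proposed in the reply above, written out as an added example (not part of the original message and not RefStack code): a per-user call scoped to shared organizations, and a separate Foundation-admin call that also returns organizations. The function names, the `foundation_admin` flag and all sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    openid: str
    fullname: str
    email: str
    orgs: frozenset = frozenset()
    foundation_admin: bool = False   # hypothetical super-admin flag

# Constructed sample records (not real accounts).
USERS = {u.openid: u for u in (
    User("https://openid.example/alice", "Alice A", "alice@example.org", frozenset({"vendor-a"})),
    User("https://openid.example/bob", "Bob B", "bob@example.org", frozenset({"vendor-a", "vendor-b"})),
    User("https://openid.example/carol", "Carol C", "carol@example.org", frozenset({"vendor-b"})),
    User("https://openid.example/dave", "Dave D", "dave@example.org", foundation_admin=True),
)}

def _view(user, with_orgs=False):
    # Only the fields named in the proposal leave the service.
    row = {"fullname": user.fullname, "email": user.email, "openid": user.openid}
    if with_orgs:
        row["organizations"] = sorted(user.orgs)
    return row

def _caller(openid, users):
    caller = users.get(openid)
    if caller is None:
        raise PermissionError("unknown or unauthenticated caller")
    return caller

def list_org_users(caller_openid, users=USERS):
    """Any user: only users sharing at least one organization with the caller."""
    caller = _caller(caller_openid, users)
    # A caller with no organizations gets an empty list, never the full directory.
    return [_view(u) for u in users.values() if u.orgs & caller.orgs]

def list_all_users(caller_openid, users=USERS):
    """Separate call for Foundation admins: everyone, plus organizations."""
    caller = _caller(caller_openid, users)
    if not caller.foundation_admin:
        raise PermissionError("Foundation admin required")
    return [_view(u, with_orgs=True) for u in users.values()]
```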


