Open Stack

Hey all -

Just wanted to add a little clarity to this so that the rest of the 
Infra team is up to speed about how we got here. OAuth2 was included as 
part of OpenStackID for this exact reason. As you all know OpenID has 
limited standard claims 
(http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims), 
which didn't seem to meet the long term needs of the community. As a 
result, our original proposal was to use OpenID Connect since it 
hadOAuth baked in. Since that was a no go from the Gerrit side, we 
ultimately pursued OpenID + OAuth2 so we could have similar 
functionality, even if the lift was a little heavier.

The idea is that ultimately you'll be able to share pieces of 
information across the many OpenStack properties (e.g. the last Gerrit 
commit, # of commits per user, profile picture, CLA signature, messages 
to encourage members to vote, etc..) In the end, this is meant to 
connect all of the properties through a single OpenStackID and allow for 
greater data sharing amongst them.

Thanks and please let me know if you have further questions or concerns.

-- 
Jimmy McArthur / Tipit.net <http://Tipit.net>< jimmy at tipit.net 
<mailto:jimmy at tipit.net>>
m: 512.965.4846





> Marton Kiss <mailto:marton.kiss at gmail.com>
> November 18, 2014 at 9:22 AM
> Hi All,
>
> I want to replace the groups portal authentication mechanism from 
> openid to oauth2, because the actual openid implementation not 
> supports retrieval of profile picture urls. The side-effect of the 
> migration that OpenStackID enforce using SSL for oauth2 communication. 
> So we need to issue an x509 ssl cert for groups.openstack.org 
> <http://groups.openstack.org> and groups-dev.openstack.org 
> <http://groups-dev.openstack.org> domains, and need to add SSL based 
> vhosts to Apache webserver. I'll prepare the required apache 
> system-config changes.
>
> I've added a blueprint for this at openstack-ci launchpad:
> https://blueprints.launchpad.net/openstack-ci/+spec/groups-oauth2-authentication
>
> Brgds,
>   Marton Kiss
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20141119/dc05f3b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: compose-unknown-contact.jpg
Type: image/jpeg
Size: 770 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20141119/dc05f3b3/attachment.jpg>