[OpenStack-Infra] Groups portal SSL certificates
Jimmy Mcarthur
jimmy at tipit.net
Wed Nov 19 17:29:36 UTC 2014
Hey all -
Just wanted to add a little clarity to this so that the rest of the
Infra team is up to speed about how we got here. OAuth2 was included as
part of OpenStackID for this exact reason. As you all know OpenID has
limited standard claims
(http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims),
which didn't seem to meet the long term needs of the community. As a
result, our original proposal was to use OpenID Connect since it
hadOAuth baked in. Since that was a no go from the Gerrit side, we
ultimately pursued OpenID + OAuth2 so we could have similar
functionality, even if the lift was a little heavier.
The idea is that ultimately you'll be able to share pieces of
information across the many OpenStack properties (e.g. the last Gerrit
commit, # of commits per user, profile picture, CLA signature, messages
to encourage members to vote, etc..) In the end, this is meant to
connect all of the properties through a single OpenStackID and allow for
greater data sharing amongst them.
Thanks and please let me know if you have further questions or concerns.
--
Jimmy McArthur / Tipit.net <http://Tipit.net>< jimmy at tipit.net
<mailto:jimmy at tipit.net>>
m: 512.965.4846
> Marton Kiss <mailto:marton.kiss at gmail.com>
> November 18, 2014 at 9:22 AM
> Hi All,
>
> I want to replace the groups portal authentication mechanism from
> openid to oauth2, because the actual openid implementation not
> supports retrieval of profile picture urls. The side-effect of the
> migration that OpenStackID enforce using SSL for oauth2 communication.
> So we need to issue an x509 ssl cert for groups.openstack.org
> <http://groups.openstack.org> and groups-dev.openstack.org
> <http://groups-dev.openstack.org> domains, and need to add SSL based
> vhosts to Apache webserver. I'll prepare the required apache
> system-config changes.
>
> I've added a blueprint for this at openstack-ci launchpad:
> https://blueprints.launchpad.net/openstack-ci/+spec/groups-oauth2-authentication
>
> Brgds,
> Marton Kiss
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20141119/dc05f3b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: compose-unknown-contact.jpg
Type: image/jpeg
Size: 770 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20141119/dc05f3b3/attachment.jpg>
More information about the OpenStack-Infra
mailing list