On Mon, Apr 6, 2020 at 11:58 PM Bastian Blank <wa...@debian.org> wrote: [...] > ## Highlevel plan > > - Salsa becomes primary source of user info and authentication for secondary > services via OpenID Connect (OAuth2), for both DDs and non-DDs, replacing > sso.debian.org. > - Salsa allows user renames and drops namespace rules for users (i.e., no more > requirement for -guest suffix). > - nm.debian.org uses Salsa usernames by default to populate LDAP usernames > when > creating accounts, and stores OIDC subject to strongly correlate between > Salsa and Debian LDAP users. > > ## Fixed problems > > - We get a user source everyone can use both as service provider and user. > - Users can rename themselves before becoming DDs, and retain all information > both on Salsa and on other services. This also works while transitioning > between non-DD and DD, and back. >
1. Can you still keep the "-guest" enforcement, so it's still easy to recognize who is DD or not on salsa? 2. For transition between non-DD and DD, could salsa admin rename the username by requests? For 1, I think it doesn't make the original plan more complicated. For 2, I think it doesn't either, as you already plan to support renaming. -- Shengjing Zhu
