>>>>> "Luca" == Luca Filipozzi <lfili...@debian.org> writes:
[All my statements in this thread have been as an individual, not as
DPL. I've offered to help Enrico facilitate consensus calling in this
discussion, and if he takes me up on that, such facilitation might not
entirely be separable from the DPL role when done by the acting DPL.
]
>> the future?
Luca> I think introduction of the broker is the compelling use
Luca> case. I appreciate that you may not view that as sufficient
Luca> compelling.
I think you are arguing that something like keycloak is a broker, but
something like gitlab cannot be a broker.
That is not true in my experience.
One of my employer's customers uses keycloak as an IDP to log into
gitlab.
They then use gitlab as an application to front a few developer-facing
services.
So, in effect in that environment gitlab works as a broker.
I'd assume that you could just as easily permit people to use onmiauth
to Google on the gitlab side rather than fronting with keycloak.
So, I think we get broker aspects either way.
Now, doubtless keycloak is a more flexible broker than gitlab.
But as best I can tell broker is a use case that is present in all the
solutions being discussed.
I do not think it is unique to the llng/keycloak path.
