Re: [OpenStack-Infra] Groups portal SSL certificates

Wed, 19 Nov 2014 09:34:37 -0800 

Hey all -
Just wanted to add a little clarity to this so that the rest of the Infra team is up to speed about how we got here. OAuth2 was included as part of OpenStackID for this exact reason. As you all know OpenID has limited standard claims (http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims), which didn't seem to meet the long term needs of the community. As a result, our original proposal was to use OpenID Connect since it hadOAuth baked in. Since that was a no go from the Gerrit side, we ultimately pursued OpenID + OAuth2 so we could have similar functionality, even if the lift was a little heavier. 


The idea is that ultimately you'll be able to share pieces of 
information across the many OpenStack properties (e.g. the last Gerrit 
commit, # of commits per user, profile picture, CLA signature, messages 
to encourage members to vote, etc..) In the end, this is meant to 
connect all of the properties through a single OpenStackID and allow for 
greater data sharing amongst them.


Thanks and please let me know if you have further questions or concerns.

--

Jimmy McArthur / Tipit.net <http://Tipit.net>< ji...@tipit.net 
<mailto:ji...@tipit.net>>

m: 512.965.4846






Marton Kiss <mailto:marton.k...@gmail.com>
November 18, 2014 at 9:22 AM
Hi All,


I want to replace the groups portal authentication mechanism from 
openid to oauth2, because the actual openid implementation not 
supports retrieval of profile picture urls. The side-effect of the 
migration that OpenStackID enforce using SSL for oauth2 communication. 
So we need to issue an x509 ssl cert for groups.openstack.org 
<http://groups.openstack.org> and groups-dev.openstack.org 
<http://groups-dev.openstack.org> domains, and need to add SSL based 
vhosts to Apache webserver. I'll prepare the required apache 
system-config changes.


I've added a blueprint for this at openstack-ci launchpad:
https://blueprints.launchpad.net/openstack-ci/+spec/groups-oauth2-authentication

Brgds,
  Marton Kiss
_______________________________________________
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra




_______________________________________________
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra






















					Reply via email to