omniauth organization setup

Question

omniauth organization setup

bufferoverflow opened this issue 8 years ago · comments

We need to define some policies to manage omniauth account, so I've created the omniauth-org repo to manage such topics:

start of the omniauth organization: omniauth/omniauth-saml#67 (comment)
on boarding of omniauth omniauth/omniauth#836
on boarding of omniauth-instagram omniauth/omniauth-instagram#28
how to on boarding of other omniauth strategies?

/cc @md5 @tmilewski @sferik @ropiku @danwiding @supernova32

Tom Milewski · Answer 1 · Tue Feb 14 2017 07:14:50 GMT+0800 (China Standard Time)

One thing we need to keep in mind when transferring repositories over to the omniauth organization is that we'll also require access to cut new gems.

Mike Dillon · Answer 2 · Thu Feb 16 2017 06:25:28 GMT+0800 (China Standard Time)

Here's what I think moving a gem into the organization should look like:

Create a new team in the organization for the gem maintainers
Add all maintainers to the team
Request that the maintainers add an Omniauth organization owner as an Outside Collaborator with Admin privileges
Owner transfers the repository to @omniauth
Owner grants the new team Admin access to the transferred repository

It's possible that there may be cases where we want an "admin" team that is separate from the "write" team for a particular gem or set of gems. It's also possible that step 3 and 5 may be unnecessary since we allow members to create new repositories. I believe that allows them to assign privileges to teams they are part of.

Mike Dillon · Answer 3 · Thu Feb 16 2017 06:26:26 GMT+0800 (China Standard Time)

@tmilewski I think the discussion of whether anyone needs to grant access to deploy gems is separate. I don't see the purpose of this organization as being centralized management of all things Omniauth, but rather an umbrella that makes it easier to find Omniauth-related gems.

Tom Milewski · Answer 4 · Thu Feb 16 2017 14:36:32 GMT+0800 (China Standard Time)

@md5 [Happy to move this to another thread, if need be.]

I completely agree that the organization's goal shouldn't be around centralized management.

I only mentioned that due to the fact that I think we've all seen a number of OA gems go unmaintained for some time. Heck, some were sitting on major security issues for years.

I feel that having the ability to update access, enabling (new) maintainers to cut gems, is important. Limiting that to the maintainers listed each respective team sounds good to me so long as it's two or more.

This all comes from personal experience wherein one sole person had access to cut OA gems and was 100% MIA. I simply couldn't get a hold of said person despite attempting to contact them via multiple mediums.

Andrej Shadura · Answer 5 · Fri Jan 28 2022 21:51:39 GMT+0800 (China Standard Time)

Hi,
I just wanted to bring to your attention:

I think OpenID Connect is important enough to have it under the maintenance of the organisation and not an individual.