| From: | Álvaro Hernández <aht(at)ongres(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, PostgreSQL WWW <pgsql-www(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Using postgresql.org account as an auth id on third party websites |
| Date: | 2019-09-18 16:35:06 |
| Message-ID: | 1ff2a24e-2421-2cc7-b7a1-aff6a64e2faf@ongres.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On 18/9/19 9:20, Stephen Frost wrote:
> Greetings,
>
> * Álvaro Hernández (aht(at)ongres(dot)com) wrote:
>> On 18/9/19 9:08, Stephen Frost wrote:
>>> I'd also point out that those other organizations are recognized
>>> Community Non-Profits, and/or running Community recognized conferences.
>>> That isn't an explicit 'policy' about what we run on pginfra or what
>>> pginfra manages or is willing to tie things into, just to be clear, but
>>> I do think it provides a good set of examples.
>> If there isn't such a policy, TBQH I don't think this is an example of
>> anything. And if there would be a policy, I believe that being a Community
>> Non-Profit and/or running a Community conference should not be requisites
>> for being able to use postgresql.org login. Why should they be related at
>> all? If anything, this is about providing *conveniency* for PostgreSQL users
>> to log into third party services without having to depend on other third
>> party authentication providers which whom those users may feel less
>> comfortable.
> I addressed this- having that tie-in is a de-facto endorsement of it.
I see this more of a problem than a benefit, specially in the face
of GDPR, but also as a general principle. There are several entities at
play, there should be clear boundaries established.
>
>> FWIW I also organize a Community Recognized Conference
>> (https://pgibz.io)
> Great! Perhaps if it was hosted on pginfra then we could have it
> included as part of the auth system.
That would be very cool. What do we need to do?
>
>> Good, I'm all ears. But I'm still surprised that technical bits are not
>> required for PostgreSQL EU / US, they are separate entities and those bits
>> (at least from a legal perspective) should apply equally.
> The technical bits are around who manages the systems, not around what
> the organizations are. If you'd like us to host postgresqlco.nf, that'd
> be a seperate discussion.
I believe postgresqlco.nf is not a good fit for this use case, but
thanks :) Still, I want to understand:
a) why having intertwined systems is a good and not a bad thing
b) why this cannot be opened to any other third party (policy) and what
is (technically) limiting it
Regards,
Álvaro
--
Alvaro Hernandez
-----------
OnGres
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2019-09-18 21:58:01 | Re: Wiki editor request |
| Previous Message | Álvaro Hernández | 2019-09-18 16:29:52 | Re: Using postgresql.org account as an auth id on third party websites |