From: | Álvaro Hernández <aht(at)ongres(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, PostgreSQL WWW <pgsql-www(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Using postgresql.org account as an auth id on third party websites |
Date: | 2019-09-18 16:17:59 |
Message-ID: | ebe78f8b-47c2-5d7c-cf15-069a1596b9d7@ongres.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On 18/9/19 9:08, Stephen Frost wrote:
> Greetings,
>
> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>> On Wed, Sep 18, 2019 at 12:25 AM Álvaro Hernández <aht(at)ongres(dot)com> wrote:
>>> On 17/9/19 14:14, Jonathan S. Katz wrote:
>>> Fair enough. Now.... I'd like not to waste any resources before
>>> having that "longer conversation" then, which I hope it is not that
>>> long. We're building a user authentication system on top of
>>> https://postgresqlco.nf that will use external id providers like Google
>>> Account, Twitter and others. We'd like to provide postgresql.org
>>> community account as a first-class citizen authentication mechanism,
>>> since this is something for the PostgreSQL Community as a whole. If this
>>> is possible, great! If not, we should know asap and stick with the other
>>> providers only --but I hope should not be a big deal.
>> So far, we have only approved services running fully managed by the
>> infrastructure team to handle this. Some of them are managed by different
>> organisations (such as PostgreSQL Europe or PostgreSQL US), but since they
>> are running on the main infrastructure there the team has the ability to
>> reach and manage all the data.
> I'd also point out that those other organizations are recognized
> Community Non-Profits, and/or running Community recognized conferences.
> That isn't an explicit 'policy' about what we run on pginfra or what
> pginfra manages or is willing to tie things into, just to be clear, but
> I do think it provides a good set of examples.
If there isn't such a policy, TBQH I don't think this is an example
of anything. And if there would be a policy, I believe that being a
Community Non-Profit and/or running a Community conference should not be
requisites for being able to use postgresql.org login. Why should they
be related at all? If anything, this is about providing *conveniency*
for PostgreSQL users to log into third party services without having to
depend on other third party authentication providers which whom those
users may feel less comfortable.
FWIW I also organize a Community Recognized Conference
(https://pgibz.io)
>
>> Right now, the system isn't really set up to handle things outside of that,
>> as some things (particularly in relation to our new friend the gdpr) are
>> handled completely manually and are not in the system. There are a number
>> of things that should be implemented before doing something like that, such
>> as the ability to push out a forced account delete (no API for that now).
>> Or at the very least, a second level of consent about sharing data in an
>> irretrievable way.
> Yes, there's some technical bits too, but that might be something we
> could work out a solution to.
Good, I'm all ears. But I'm still surprised that technical bits are
not required for PostgreSQL EU / US, they are separate entities and
those bits (at least from a legal perspective) should apply equally.
Álvaro
--
Alvaro Hernandez
-----------
OnGres
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2019-09-18 16:20:44 | Re: Using postgresql.org account as an auth id on third party websites |
Previous Message | Stephen Frost | 2019-09-18 16:13:37 | Re: Using postgresql.org account as an auth id on third party websites |