Postgres Pro
Downloads
Home   >   mailing lists

Re: Using postgresql.org account as an auth id on third partywebsites - Mailing list pgsql-www

From Stephen Frost
Subject Re: Using postgresql.org account as an auth id on third partywebsites
Date
Msg-id 20190918160833.GA6962@tamriel.snowman.net
Whole thread Raw
In response to Re: Using postgresql.org account as an auth id on third party websites  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Using postgresql.org account as an auth id on third partywebsites  (Álvaro Hernández <aht@ongres.com>)
List pgsql-www
Tree view 
Greetings,

* Magnus Hagander (magnus@hagander.net) wrote:
> On Wed, Sep 18, 2019 at 12:25 AM Álvaro Hernández <aht@ongres.com> wrote:
> > On 17/9/19 14:14, Jonathan S. Katz wrote:
> >      Fair enough. Now.... I'd like not to waste any resources before
> > having that "longer conversation" then, which I hope it is not that
> > long. We're building a user authentication system on top of
> > https://postgresqlco.nf that will use external id providers like Google
> > Account, Twitter and others. We'd like to provide postgresql.org
> > community account as a first-class citizen authentication mechanism,
> > since this is something for the PostgreSQL Community as a whole. If this
> > is possible, great! If not, we should know asap and stick with the other
> > providers only --but I hope should not be a big deal.
>
> So far, we have only approved services running fully managed by the
> infrastructure team to handle this. Some of them are managed by different
> organisations (such as PostgreSQL Europe or PostgreSQL US), but since they
> are running on the main infrastructure there the team has the ability to
> reach and manage all the data.

I'd also point out that those other organizations are recognized
Community Non-Profits, and/or running Community recognized conferences.
That isn't an explicit 'policy' about what we run on pginfra or what
pginfra manages or is willing to tie things into, just to be clear, but
I do think it provides a good set of examples.

> Right now, the system isn't really set up to handle things outside of that,
> as some things (particularly in relation to our new friend the gdpr) are
> handled completely manually and are not in the system. There are a number
> of things that should be implemented before doing something like that, such
> as the ability to push out a forced account delete (no API for that now).
> Or at the very least, a second level of consent about sharing data in an
> irretrievable way.

Yes, there's some technical bits too, but that might be something we
could work out a solution to.

Thanks,

Stephen
Attachment

pgsql-www by date:

Previous
From: Álvaro Hernández
Date:
Subject: Re: Using postgresql.org account as an auth id on third partywebsites
Next
From: Stephen Frost
Date:
Subject: Re: Using postgresql.org account as an auth id on third partywebsites