Update patch set 12
Patch Set 12: (1 comment) Patch-set: 12 Attention: {"person_ident":"Gerrit User 28356 \u003c28356@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_28356\u003e replied on the change"}
This commit is contained in:
parent
1734b200e2
commit
82ae01778f
|
@ -52,6 +52,24 @@
|
|||
"parentUuid": "ad3ed5e5_18a515a6",
|
||||
"revId": "90ffbc6081dee41196fcda7be249c02c9f0364ea",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": false,
|
||||
"key": {
|
||||
"uuid": "9c5d6485_482ab577",
|
||||
"filename": "/PATCHSET_LEVEL",
|
||||
"patchSetId": 11
|
||||
},
|
||||
"lineNbr": 0,
|
||||
"author": {
|
||||
"id": 28356
|
||||
},
|
||||
"writtenOn": "2024-01-29T10:51:48Z",
|
||||
"side": 1,
|
||||
"message": "Technically speaking, one should not mix federated user management with local user management. Otherwise, we break the control over the user permissions and authentication processes. I know that systems such as Gitlab and others allow such use cases. However, when you look at the identity federation concept, authentication should be handled by the Identity provider (IdP), and authorization by the service provider (SP) with the attributes released by the IdP after the user authentication and consent. Therefore, we should not allow such situation. I will add the sentence in the spec in bold as you suggested.",
|
||||
"parentUuid": "2e600f95_cf6fdd1c",
|
||||
"revId": "90ffbc6081dee41196fcda7be249c02c9f0364ea",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
}
|
||||
]
|
||||
}
|
Loading…
Reference in New Issue