Update patch set 12

Patch Set 12: (1 comment) Patch-set: 12 Attention: {"person_ident":"Gerrit User 28356 \u003c28356@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_28356\u003e replied on the change"}
2024-01-29 10:51:48 +00:00 · 2024-01-29 10:51:48 +00:00 · 82ae01778f
parent 1734b200e2
commit 82ae01778f
1 changed files with 18 additions and 0 deletions
--- a/18
+++ b/18
@ -52,6 +52,24 @@
      "parentUuid": "ad3ed5e5_18a515a6",
      "revId": "90ffbc6081dee41196fcda7be249c02c9f0364ea",
      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
+    {
+      "unresolved": false,
+      "key": {
+        "uuid": "9c5d6485_482ab577",
+        "filename": "/PATCHSET_LEVEL",
+        "patchSetId": 11
+      },
+      "lineNbr": 0,
+      "author": {
+        "id": 28356
+      },
+      "writtenOn": "2024-01-29T10:51:48Z",
+      "side": 1,
+      "message": "Technically speaking, one should not mix federated user management with local user management. Otherwise, we break the control over the user permissions and authentication processes. I know that systems such as Gitlab and others allow such use cases. However, when you look at the identity federation concept, authentication should be handled by the Identity provider (IdP), and authorization by the service provider (SP) with the attributes released by the IdP after the user authentication and consent. Therefore, we should not allow such situation. I will add the sentence in the spec in bold as you suggested.",
+      "parentUuid": "2e600f95_cf6fdd1c",
+      "revId": "90ffbc6081dee41196fcda7be249c02c9f0364ea",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
    }
  ]
 }