-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Principal group management #3
Comments
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User groups could be implemented by representing the group as a principal and giving all members of the group delegate permissions on the group itself.
The text was updated successfully, but these errors were encountered: