Authentication in netdata should be distributed, much like the registry.
A central netdata should act as the authentication server. The only configuration of all other netdata servers should be: authentication on/off and authentication server to be consulted.
The authentication server could be related with the registry (i.e. properties of the person objects the registry already maintains).
Back-end authentication should be performed with PAM (i.e. linux username/password, supporting all Linux back-ends), or other OAuth providers (google, github, etc). The supported back-ends should be configured at the central authentication netdata server only.
Netdata should also support API keys to allow third party applications get access to certain features or charts of each netdata.