Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

federated authentication + user profiles + mailing #1673

Open
satra opened this issue Aug 18, 2023 · 3 comments
Open

federated authentication + user profiles + mailing #1673

satra opened this issue Aug 18, 2023 · 3 comments
Assignees
@waxlamp
Labels
enhancement New feature or request

Comments

@satra
Copy link
Member

satra commented Aug 18, 2023

we have to currently use several layers of determination to approve users. to change and simplify the process for 90% of users, here is a proposal:

MVP

  • use in common federation (https://incommon.org/federation/) to allow anyone at a university or part of the federation to sign up for dandi
  • do not activate the account, unless they also:
    • create a github account and link it to their profile
    • create an ORCID link
  • for previous users, we can request the same for the next time they need to log in (we can force that by removing API tokens).
  • create a user profile page to establish account links and connections

MVP + 1

  • setup a mechanism to email registered users

MVP + 2 (bring in ReBAC/RBAC)

  • this should be tied in with groups that a person can be part of
  • detect if user emails bounce to determine inactive users
  • add last activity to user profile page
@yarikoptic
Copy link
Member

yarikoptic commented Aug 21, 2023
edited
Loading

incommon has MIT, Dartmouth and other institutions "through" eduroam. It lacks kitware -- @waxlamp might be worth pinging someone at kitware to make them aware and check if possible to "integrate" with it - might be useful in the long run.

edit: only "Allen Institute for Artificial Intelligence" ant not "Allen Institute neuroscience" is there -- so worth pinging them too I guess happen we go that route. @satra who would be the best contact for that?

@yarikoptic yarikoptic added the enhancement New feature or request label Sep 20, 2023
@satra satra mentioned this issue Nov 22, 2023
Open
@yarikoptic
Copy link
Member

I would like to note again project which @satra mentioned originally in

let's consider https://www.keycloak.org/

It is also used by nebari (backref: dandi/dandi-hub#186) so may be making such a choice could help to centralize auth* to this single platform.

@waxlamp waxlamp self-assigned this Aug 24, 2024
@yarikoptic
Copy link
Member

@waxlamp @kabilar what experience/information/opinion you potentially have about KeyCloak and also potentially JWT?

  • keycloak seems to be the solution people keep recommending for user management and centralization of authentication across different auth providers and centralization of roles assignment
    • as mentioned above, nebari uses it already... might simplify (or complicate?) potential future switch to use nebari
  • JWT seems to be generally a very handy (and simple in its idea -- in a nutshell "verifiable signed payload describing what user is allowed to access") standard for distributing verifiable auth data
  • There is https://github.com/marcelo225/django-keycloak-auth "authorizes your application's resources using Django Rest Framework." which might simplify integration with django

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@waxlamp waxlamp

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yarikoptic @satra @waxlamp