Board to vote on the mantra requirement
'Sandro Santilli'
strk at kbt.io
Mon Jun 15 10:19:51 PDT 2026
On Mon, Jun 15, 2026 at 12:40:20PM -0400, Regina Obe wrote:
> The main pain points I see with LDAP brought up:
>
> a) The MFA brought up in the motion - which I agree with that we need MFA for LDAP for the id.osgeo.org but I suspect that is not that hard to fix.
Note that some of our services already support multi-factor authentication locally,
for example Gitea: https://gitea.osgeo.org/user/settings/security
To activate MFA we need a _second_ factor, so by definition something in addition to what we already have, which means you don't need to ditch LDAP in order to get MFA.
> b) What LDAP is used for that it may not need to be:
>
> 1) Signing up for code sprints on WIKI
I'm not familiar with the code sprints setup, I guess even an email would be ok to sign-up ?
> 2) The large number of QGIS plugin authors needing an OSGeo account
I think the QGIS Plugins Repository service could just accept whatever
passport is provided by the companies QGIS PSC decides to trust, there's
no need to change anything on the OSGeo infrastructure side for that, and
definitely we don't need a centralized Keycloack for that (as long as I know).
I see the "accept other passports" as something we want to enable or disable
on a per-service basis. Some services provide more protection against spam,
some are weaker, we want stronger identity for the weaker ones, I think.
--strk;
Libre GIS consultant/developer 🎺
https://strk.kbt.io/services.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20260615/717b986c/attachment-0001.sig>
More information about the Sac
mailing list