diff options
author | Shawn O. Pearce <sop@google.com> | 2009-03-01 11:09:05 -0800 |
---|---|---|
committer | Shawn O. Pearce <sop@google.com> | 2009-03-01 11:09:05 -0800 |
commit | 142385def74cbd25b94c36fd89278f65bb9380e7 (patch) | |
tree | 422e0a7765072e3c724c65bf95cd2b5038c04bf5 | |
parent | 4505b19403cd04a78766ad7ce76cdc7c947aa4bd (diff) |
Mention the OpenID provider restriction feature in our design document
This is an important feature in our security design, as it helps to
reduce the attack surface available due to the use of OpenID.
Signed-off-by: Shawn O. Pearce <sop@google.com>
-rw-r--r-- | Documentation/dev-design.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Documentation/dev-design.txt b/Documentation/dev-design.txt index 89ec989a98..14400836f2 100644 --- a/Documentation/dev-design.txt +++ b/Documentation/dev-design.txt @@ -295,6 +295,16 @@ a Google Account" link on its sign-in screen. Gerrit also supports a shorthand sign in link for Yahoo!. Other providers may also be supported more directly in the future. +Site administrators may limit the range of OpenID providers to +a subset of "reliable providers". Users may continue to use +any OpenID provider to publish comments, but granted privileges +are only available to a user if the only entry point to their +account is through the defined set of "reliable OpenID providers". +This permits site administrators to require HTTPS for OpenID, +and to use only large main-stream providers that are trustworthy, +or to require users to only use a custom OpenID provider installed +alongside Gerrit Code Review. + Gerrit integrates with some types of corporate single-sign-on (SSO) solutions, typically by having the SSO authentication be performed in a reverse proxy web server and then blindly trusting that all |