Overview

With NDS Labs v1.0, we manage account information in etcd, and account creation is done through a simple form. Going forward, we need to support standard signup and approval workflows, as well as password recovery and change management features. We've discussed leveraging OAuth and external IdPs (e.g., GitHub) or Shibboleth. Using OAuth raises the question of whether we need to run our own local IdP or can depend on these external services for users without GitHub or other external accounts.

If we rely exclusively on external IdPs, we avoid needing to provide the standard registration/verification workflow as well as password recovery and management. We will still need to deal with authentication and authorization into our service. This likely means implementing an authorization and approval workflow after the user has "signed up" with the selected OAuth provider.

If we decide to host our own IdP, we'll need to select from available open source identity service providers (below), and we will still need to deal with authentication and authorization into our service.

Question:

...

Requirements

  • Ability to manage users and groups
  • Login, forgot password, password reset
  • Signup and approval workflow
  • OAuth support

...