Re: Using postgresql.org account as an auth id on third party websites
| От | Magnus Hagander |
|---|---|
| Тема | Re: Using postgresql.org account as an auth id on third party websites |
| Дата | |
| Msg-id | CABUevEwr=Teu7=2MDmqMO-FB0ougMARkJ+xytxNx2qYkXc7msQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Using postgresql.org account as an auth id on third partywebsites (Álvaro Hernández <aht@ongres.com>) |
| Ответы |
Re: Using postgresql.org account as an auth id on third partywebsites
(Álvaro Hernández <aht@ongres.com>)
|
| Список | pgsql-www |
This thread is mostly going around in circles. I don't foresee anything productive coming out of it TBH, but I've cut it down to a few points I'd like to still make.
And yes, I have cut severely in the amount of text, and am responding to three mails at once. Because I see no point in re-iterating the answers that have already been said.
On Fri, Sep 20, 2019 at 3:14 AM Álvaro Hernández <aht@ongres.com> wrote:
On 19/9/19 13:53, Magnus Hagander wrote:On Wed, Sep 18, 2019 at 5:16 PM Álvaro Hernández <aht@ongres.com> wrote:On 18/9/19 3:45, Magnus Hagander wrote:But back on topic, on what concerns my request: let's open this up to any third party organisation --it has already been done. I don't see why having "the team the ability to manage all the data" changes anything. What I'm requesting access to is a system for third-party authentication, similar to "login with Google" or any other auth provider. There's no "forced account delete" mechanism that I'm aware of, and there is little to no information sharing other than "hey, please authenticate this person and let me know the boolean information of whether that was successful or not" (optionally request name and email, as other authentication providers do, that is PII, but that's it). What auth providers do is a way to force delete a session (an authentication token, which typically expires quickly, but could be forcibly expired). This is optional, and in no way would force any deletion on the third party (it is the user who should use the third party's account deletion procedures).Just because Google does something one way, doesn't mean that we want to do it that way. We are allowed to treat our users better than Google treat their tracking-victims for example, and would like tostick to that level.
I used Google as an example. You came back with an unrelated, Google rant (????).
You are correct, my apologies. That was terrible phraising.
So what I meant to highlight was: you use Google as an example of a free authentication provider. That is not correct -- you pay to use google authentication by feeding google tracking data about your users. The same goes for any of the other examples of other authentication providers mentioned. It is not wrong to label them authentication providers, but it *is* wrong in this context to label them as free.
Oh, and as a general rule, "requesting" unpaid volunteers to do work for you for free is in general not a great way to get them enthusiastic about helping out.
Did I do so? I don't recall where or when I said that.
Your own words, in the text above:
". What I'm requesting access to is a system for third-party authentication, similar to "login with Google" or any other auth provider."
". What I'm requesting access to is a system for third-party authentication, similar to "login with Google" or any other auth provider."
How is that not "requesting", when you use that very word?
> >> - Either volunteers, due to being unpaid, are not doing their job
> >> correctly (completely);
> > tbh as one of those volunteers, I kinda find it pretty irritating that
> > that the very first time somebody asks for community auth being opened
> > to non-pginfra managed sites an association of "us" not doing our job
> > correctly comes up just because that feature does not (and/or is not
> > implemented in the way you want it) do like.
> TBQH, I'm having a really hard time to understand how this
> conclusion could be derived from my words. But it doesn't matter, it's
> my bad anyway if I made you, or anyone else, feel this way.
> >> correctly (completely);
> > tbh as one of those volunteers, I kinda find it pretty irritating that
> > that the very first time somebody asks for community auth being opened
> > to non-pginfra managed sites an association of "us" not doing our job
> > correctly comes up just because that feature does not (and/or is not
> > implemented in the way you want it) do like.
> TBQH, I'm having a really hard time to understand how this
> conclusion could be derived from my words. But it doesn't matter, it's
> my bad anyway if I made you, or anyone else, feel this way.
So you write "Either volunteers, due to being unpaid, are not doing their job correctly (completely);"
-- but we're not supposed to read that as the volunteers not doing their job?
Is there anything you write that actually means what it says? Because it's really hard to understand what you mean if you write them using words that mean other things.
This is the second time it's literally in the very text you quote and then deny having said.
> * you didn't read it (in which case, please do);
You should maybe try that yourself? At least read the parts that you wrote yourself?
> * or you are acting in bad faith, by replying to the first sentence only, and deleting the following paragraph.
Yes, I did cut intentionally in this email, just like Dave did. I don't know why he did it, but it should be clear why I did it.
So you are basically repeatedly accusing the pginfra volunteers of not doing a proper job. Then you are accusing a core team member of acting in bad faith.
So yeah, I think it's time to close this thread out.
> I believe this argument of "send patches if you want anything to change" is pretty limited in its vision. Because there are many other ways, many of which may be much more efficient to achieve the same result.
It might be limiting. But it's how the entire PostgreSQL project has worked through all time. If you want something done, you either do it yourself or you convince somebody else to do it. And accusing others of not doing their job has never been a way to accomplish that.
> Why? Can you elaborate? Is there any place where I can find this technical details, given that it is so hard to get any more detailed response on this email thread?
In the very first response on this thread, Jonathan sent you the link to the documentation *and source code* for the system. If that's not technical enough, then what you actually want? I can send you a precompiled bytecode file?
> ... while not changing the substance of it: pg-infra is:
> * Providing hosting services to entities like the PostgreSQL Europe Association.
> * Providing login service to entities like the PostgreSQL Europe Association.
> * Probably other services, and to other entities.
> * Not willing to provide the above services to any other entity.
> This is creating a differentiation (through discrimination) and exclusiveness that nobody here is addressing but me. Don't you see it? I understand how things came this way, and I'm fine with this. But once this is identified, this needs to be resolved.
> * Providing login service to entities like the PostgreSQL Europe Association.
> * Probably other services, and to other entities.
> * Not willing to provide the above services to any other entity.
> This is creating a differentiation (through discrimination) and exclusiveness that nobody here is addressing but me. Don't you see it? I understand how things came this way, and I'm fine with this. But once this is identified, this needs to be resolved.
Except you have explicitly *rejected* the offer of being hosted on pginfra. It was offered, and you said no. Surely that is not *our* fault.
There is nothing preventing you from hosting your service on pginfra under the same terms as anybody else. But you didn't *want* that.
In summary:
You wrote:
> postgresqlco.nf is a free service, developed and run by OnGres. I don't think is a good fit to run on a non-profit entity's infrastructure. Is PostgreSQL infra providing hosting services for companies?
And you are absolutely correct. PostgreSQL infra is not providing hosting services for companies.
So why should we build and maintain an authentication service for companies?
This thread is clearly not getting anywhere. Let's close it here.
I would suggest you proceed down one of two paths:
1. Provide an actual complete proposal *including the code to implement it*, which also outlines the requirements to support the system long-term, for something based on the current community authentication. This has repeatedly been requested. You don't like this option, so that's fine.
2. Build out a working authentication service that solves this problem, under a different umbrella. Once you have a proven solution for it, you will have a much easier time convincing people of using it, instead of just requesting other people to the work. I would *love* for pginfra not to have to have to deal with the user service parts of handling it for example. Anything that solves that part would be *much* appreciated, and it would be an actual *improvement* over what is there today.
//Magnus
В списке pgsql-www по дате отправления:
Предыдущее
От: Álvaro HernándezДата:
Сообщение: Re: Using postgresql.org account as an auth id on third partywebsites
Следующее
От: Dave PageДата:
Сообщение: Re: Using postgresql.org account as an auth id on third party websites