Clarify language about types of identity management in source track #1264

Closed
adityasaky opened this issue Jan 1, 2025 · 2 comments

Comments

@adityasaky
Member

The source track currently says:

There exists an identity management system or some other means of identifying actors. This system may be a federated authentication system (AAD, Google, Okta, GitHub, etc) or custom implementation (gittuf, gpg-signatures on commits, etc). The SCS MUST document how actors are identified for the purposes of attribution.

Should we clarify the text in the table so we aren't distinguishing between "federated" and "custom" implementations? I'm not sure we want to be bucketing specific mechanisms anymore, for what it's worth.

First raised in #1133 (comment)

@zachariahcox
Contributor

@adityasaky that's fine with me! I think this wording was there to describe the wide range of options available to implementers more than to be a complete list.

@zachariahcox zachariahcox moved this to Ready for work! in SLSA Source Track Jan 27, 2025
zachariahcox pushed a commit that referenced this issue Jan 28, 2025
@adityasaky
Member Author

Addressed in #1265

@github-project-automation github-project-automation bot moved this from Ready for work! to Done in SLSA Source Track Jan 28, 2025
@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Issue triage Jan 28, 2025