Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Section for pluggable auth backend support #7

Merged
merged 3 commits into from
Jul 6, 2020
Merged

Section for pluggable auth backend support #7

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a885e00
Section for pluggable auth backend support
uranusjr Jun 14, 2020
a6e13e1
Add topics described in PR into the document
uranusjr Jun 21, 2020
bbe9f8a
Apply suggestions from code review
uranusjr Jun 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions FUNDABLES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,6 +237,17 @@ security checks, DevOps/infrastructure/platform services (including
API/email integration), user experience work, technical writing for end
users, project management, and community outreach.

### Architecture to support alternative authentication methods in packaging tools

Python packaging tools that interact with package indexes, such as pip ([pypa/pip#4475](https://github.com/pypa/pip/issues/4475)) and twine ([pypa/twine#362](https://github.com/pypa/twine/issues/362)), currently only have simple authentication support to secure private sources, such as [basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). Open source tool maintainers acknowledge that when using third-party indices, stronger authentication methods, such as single sign-on, are sometimes required due to organisation policies. We believe it’s beneficial to develop a pluggable Python library that can be depended by the packaging tools to provide additional authentication methods, but lack both the use case and domain knowledge in the area. We are looking for funding and expertise support from organisations.

We are interested in developing a shared interface and implementation for various alternative authentication methods. Support can be developed for both tools (and maybe more), so organisations can choose to install them to be able to use e.g. Kerberos to secure their private package indexes. The work involved would include the following topics:

* A survey of various authentication methods, and how they can be implemented as a pluggable library.
* Develop an interface that tools (e.g. pip) can implement to detect authentication method support, and call into the library that provides it.
* Develop and maintain libraries that implement the various auth methods for users to install when support is needed.


## Security improvements and prerequisites

### System to label projects on PyPI with administrative statuses/attributes
Expand Down