sbp commented on issue #872: URL: https://github.com/apache/tooling-trusted-releases/issues/872#issuecomment-4048193035
Potential steps: 1. Write to User when a user logs in. 2. Augment this with LDAP data if necessary. 3. Create a pubsub listener for LDAP. 4. Add some "actions" to the listener, e.g. updating User with banned information if received. 5. Start migrating some of the non-OAuth A/A methods to query User. 6. [etc.] In the initial phase of development we should rely on pubsub to give us all events. Later on we should revalidate directly from LDAP when a user performs the most sensitive actions. We will always revalidate from ASFQuart and LDAP when a user logs in anyway, and sessions are limited in duration, so revalidation will periodically occur anyway. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
