Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify langauge about types of identity management in source track #1264

Open
adityasaky opened this issue Jan 1, 2025 · 0 comments
Open

Clarify langauge about types of identity management in source track #1264

adityasaky opened this issue Jan 1, 2025 · 0 comments
Labels
source-track

Comments

@adityasaky
Copy link
Member

The source track currently says:

There exists an identity management system or some other means of identifying actors. This system may be a federated authentication system (AAD, Google, Okta, GitHub, etc) or custom implementation (gittuf, gpg-signatures on commits, etc). The SCS MUST document how actors are identified for the purposes of attribution.

Should we clarify the text in the table so we aren't distinguishing between "federated" and "custom" implementations? I'm not sure we want to be bucketing specific mechanisms anymore, for what it's worth.

First raised in #1133 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
source-track
Projects
Issue triage
Status: 🆕 New
SLSA Source Track
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adityasaky