Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

content: Clarify types of identity management in source track #1265

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

content: Clarify types of identity management in source track #1265

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions docs/spec/draft/source-requirements.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,8 +212,13 @@ Exceptions are allowed via the [safe expunging process](#safe-expunging-process)
<td><td>✓<td>✓
<tr id="identity-management"><td>Identity Management<td>

There exists an identity management system or some other means of identifying actors.
This system may be a federated authentication system (AAD, Google, Okta, GitHub, etc) or custom implementation (gittuf, gpg-signatures on commits, etc).
There exists an identity management system or some other means of identifying
and authenticating actors. Depending on the SCS, identity management may be
provided by source control services (e.g., GitHub, GitLab), implemented using
cryptographic signatures (e.g., using gittuf to manage public keys for actors),
or extend existing authentication systems used by the organization (e.g., Active
Directory, Okta, etc.).

The SCS MUST document how actors are identified for the purposes of attribution.

Activities conducted on the SCS SHOULD be attributed to authenticated identities.
Expand Down
Loading