New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GitHub Enterprise Production Readiness Document Review - Authentication, Authorization, Audit Log Ingestion, Monitoring and Alerting #322
Comments
I'm in favor of the hybrid model over the federated model. Federated lets a poorly governed org to be compromised more easily by a bad actor. The hybrid model gives LF staff a break glass mechanism. |
I've also added a series of comments in the doc. It looks like we have a few separate things to officially consider that the TAC will need to provide feedback on the preferred direction on. We can work these asynchronously or we can make it part of the next call (28May). |
me-- fat.fingers-- |
Staff is seeking a decision from the TAC on these elements from Dana's doc: @ossf/tac please add a comment that indicates your choices for these 4 items |
1.) Hybrid |
Here's the collective view after polling several folks that work on Sigstore:
|
Thanks everyone for investing time.....This issue is per Arnaud's request in response to the 4/30 TAC pre-read that CRob shared.
GitHub Enterprise Production Readiness Document needs TAC review and feedback. The document covers Authentication, Authorization, Audit Log Ingestion, Monitoring and Alerting. Authentication and authorization contents are built in conjunction with TAC issue 292 ( GitHub enterprise account structure and shared responsibility model). It is easier to review the account structure and shared responsibility model first before review the documents under this issue.
Production readiness document for this issue is here: https://docs.google.com/document/d/1E5RAj0EvOQp-bF8B3gf09Bp0NiZEcqMtZ5Sa__QXbDQ/edit#heading=h.whnal1dq5jsm
The text was updated successfully, but these errors were encountered: