On Fri, 2011-07-29 at 18:57 +0100, Martyn Taylor wrote:
We intend to use OAuth across components for authentication. This would require adding OAuth Provider support to conductor and OAuth client support to each component accessing protected resources. Katello already supports a OAuth (two-legged) which hopefully means relatively straight forward integration once we have the other parts in place.
I think there's been some confusion about OAuth, what Katello uses it for and what we would use it for.
In Katello's case, it is actually an OAuth consumer and uses it when authenticating against Candlepin and Pulp's REST APIs.
Two-legged means that Candlepin/Pulp don't authenticate a user, but rather authenticate Katello using a shared secret. Katello passes Candlepin/Pulp the username via a HTTP header.
IMHO, the comparable case for us is Conductor authenticating against IWHD and Image Factory.
Cheers, Mark.