This week-end I had a random thought, which I quickly discussed with
Dennis on
IRC on Sunday but that I thought might be interesting to discuss in a wider
audience.
The initial thought came from a text that Dennis wrote:
"""
Releng tracks this data in 2 systems, 1 of which we own: Koji and Bodhi. Koji
uses ssl certs tied to FAS and bodhi uses FAS for authentication to provide a
strong relationship between a user and the content
"""
Source:
https://fedoraproject.org/wiki/ReleaseEngineering/Philosophy#Auditable
This has lead me to the question: Is this all what SSL certs are bringing us?
The following only works under the assumption that it is.
So SSL certs are basically a certain type of API token. Everyone has one,
specific to koji and the lookaside cache, time limited and gives us a way of
doing authentication and authorization server side.