Hayden B
Hayden B
I see in the error output it's prefixed with `gcpkms:/` instead of `gcpkms://`. If you add an extra slash, do you still get the error?
Assuming the identity is an email, we can either add this as an `email` OIDC issuer or under Dex. Before adding any new IDPs, I'd like to make sure the...
Thanks for going through these! We're planning to formalize these, as they're a little rough and unclear at the moment. > I will say that during the 15+ years eduGAIN...
I don't see much difference between a certificate for the email "[email protected]" and a certificate for the username "user" from Microsoft. In both cases, you need to be aware of...
I'm a huge fan of pushing verification logic into sigstore/sigstore. I'm quite concerned that as we build more clients, even with robust client conformance testing, there will be subtle verification...
I don't know the best issue to ask this on, but to avoid creating another issue, I'll just throw this question here: Should we recommend against users signing artifacts released...
I'm wondering if this should be part of the client specification in the architecture docs - Recommended but not enforced behavior. Or maybe a section on recommended policy? > For...
Before moving over all of these functions into `pkg`, we will need to review what's public as not all functions should be publicly available, add documentation, etc.
In addition to email verification, should we also verify proof of ownership over the domain? This avoids domain squatting issues. We could use DNS entries to verify domain ownership, like...