[Mailman-Developers] User-centric authentication and access control
Waldbieser, Carl
waldbiec at lafayette.edu
Tue Sep 1 17:15:47 CEST 2015
I know that currently, mailman roles are set up such that the roles themselves have a shared password per role. I want to be able to move away from that model and have roles assigned to individual user accounts that would allow access to the admin interfaces for individual lists.
For example, say we have mail lists "Campus" and "Board of Trustees". I might have roles "campus_moderators", "campus_admins", "boardoftrustees_moderators", and "boardoftrustees_admins".
If I assign the role campus_admins to user "johnsmith", I would like this user to be able to access the mailman admin interface for the "Campus" list using his own credentials. Ideally, "johnsmith" would not have to present his primary credentials to the mailman interface because our institution has a web single sign-on infrastructure (Web SSO).
I would like to actually move the authentication and role management *outside* of mailman and have the administrative interface consume the role based information from external sources (e.g. LDAP, CAS or SAML2 attribute release), so I am looking for a more "pluggable" authentication and access management architecture.
Does anything like this exist for Mailman, or is it on the roadmap? Are there technical guidelines for how one might contribute toward something like this?
Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College
More information about the Mailman-Developers
mailing list