From a113b35fb06814542227fd7f779e69f0eeee38ed Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 24 Oct 2023 16:01:11 +0100 Subject: [PATCH 1/2] Remove original readme Only readme's under profile/ will be visible on the org landing page --- README.md | 1 - 1 file changed, 1 deletion(-) delete mode 100644 README.md diff --git a/README.md b/README.md deleted file mode 100644 index a46ae92..0000000 --- a/README.md +++ /dev/null @@ -1 +0,0 @@ -# .github \ No newline at end of file From 8063cbd3287863962720a74b79df2427b8f53add Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 24 Oct 2023 16:35:15 +0100 Subject: [PATCH 2/2] Update readme to discuss access for demo hubs --- profile/README.md | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/profile/README.md b/profile/README.md index 596fd67..d1f9424 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -1,12 +1,31 @@ -## Hi there 👋 +# Welcome! 👋 - +Many of 2i2c's JupyterHubs use GitHub as an OAuth provider, and we can manage +who is authorised to access our hubs by scoping to specific GitHub organisations +or teams within an organisation. Occasionally, we run demos and would like to +give access to a specific hub to groups of folk relatively easily. This +organisation exists as a space where we can do that without worrying too much +about the security implications if we were to add everyone to our main +[2i2c org](https://github.com/2i2c-org). + +## How 2i2c staff should use this repo + +All 2i2c staff members should be Owners of this organisation, with the ability +to invite external collaborators as they see fit. They should create new teams +as needed and add GitHub user accounts that they want to grant access to a demo +hub to. + +## Org-wide or teams-based auth? + +Hubs can be scoped to allow users from a specific GitHub org, or a specific team. +Best practice here is to have roughly a 1:1 mapping of demo hubs to GitHub teams +(in this org) that permit access to that demo hub, and then set up the demo hub +to have the appropriate [teams-based authentication](https://infrastructure.2i2c.org/hub-deployment-guide/configure-auth/github-orgs/). + +While org-wide authentication is not explicitly forbidden, please be aware that +_anyone added to the organisation will have access to all hubs that permit this +organisation_.
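Review bot: In the profile/README.md hunk, the "How 2i2c staff should use this repo" section tells staff to create teams and add GitHub accounts but never says when to remove them, so access granted for a one-off demo stays in place for as long as the hub permits that team or this organisation. Suggest adding a sentence asking staff to remove members, or delete the team, once the demo is over. This matters most for the org-wide case, which the last paragraph flags with `_anyone added to the organisation will have access to all hubs that permit this organisation_`. Two smaller points in the same hunk: the heading says "this repo" while the paragraph under it describes Owner rights and teams in the organisation, so "this organisation" would be more consistent, and "add GitHub user accounts that they want to grant access to a demo hub to" reads more cleanly as "add the GitHub user accounts that should have access to a demo hub".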