Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Discuss how to provide access to demo hubs using this organisation #1

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion README.md

This file was deleted.

37 changes: 28 additions & 9 deletions profile/README.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,31 @@
## Hi there 👋
# Welcome! 👋

<!--
Welcome to 2i2c's organisation to manage access to our demo hubs!

**Here are some ideas to get you started:**
## About this organisation

🙋‍♀️ A short introduction - what is your organization all about?
🌈 Contribution guidelines - how can the community get involved?
👩‍💻 Useful resources - where can the community find your docs? Is there anything else the community should know?
🍿 Fun facts - what does your team eat for breakfast?
🧙 Remember, you can do mighty things with the power of [Markdown](https://docs.github.com/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)
-->
Many of 2i2c's JupyterHubs use GitHub as an OAuth provider, and we can manage
who is authorised to access our hubs by scoping to specific GitHub organisations
or teams within an organisation. Occasionally, we run demos and would like to
give access to a specific hub to groups of folk relatively easily. This
organisation exists as a space where we can do that without worrying too much
about the security implications if we were to add everyone to our main
[2i2c org](https://github.com/2i2c-org).

## How 2i2c staff should use this repo

All 2i2c staff members should be Owners of this organisation, with the ability
to invite external collaborators as they see fit. They should create new teams
as needed and add GitHub user accounts that they want to grant access to a demo
hub to.

## Org-wide or teams-based auth?

Hubs can be scoped to allow users from a specific GitHub org, or a specific team.
Best practice here is to have roughly a 1:1 mapping of demo hubs to GitHub teams
(in this org) that permit access to that demo hub, and then set up the demo hub
to have the appropriate [teams-based authentication](https://infrastructure.2i2c.org/hub-deployment-guide/configure-auth/github-orgs/).

While org-wide authentication is not explicitly forbidden, please be aware that
_anyone added to the organisation will have access to all hubs that permit this
organisation_.