The RefStack team would appreciate guidance and recommendation on the
Should any RefStack authenticated user be able to list the users
registered in RefStack?
If the answer is yes, which user information should be returned (full
name, email, OpenID)?
Or ONLY OpenStack Foundation members can list the users in RefStack?
Back ground information:
When a user registers at RefStack, RefStack does not request any user
information input from the user, Instead, RefStack redirects the
registration process to OpenstackId Identity Provider (
https://openstackid.org/ ) and obtains three pieces of user
information ( full name, email, OpenID ) from the OpenstackId Identity
OpenstackId Identity Provider ( https://openstackid.org/ ) treats email
as private information. You will not find email or OpenID information
on any member's public profile on
https://www.openstack.org/community/members/ . Furthermore, if you look
at your own profile on https://www.openstack.org/profile/ , you will
find that email information is listed under the "private information"
Since OpenstackId Identity Provider is the source of the user
information of RefStack, RefStack should respect and not relax the
The user information for review.openstack.org seems to be set in
https://review.openstack.org/#/settings/web-identities and not from
OpenstackId Identity Provider.
RefStack Project PTL
IBM Silicon Valley Laboratory, San Jose, California 95141
email@example.com, Tel: (408) 463-4352 T/L: 543-4352
Defcore-committee mailing list