undefined | Better HN

0 pointsJoshTriplett9y ago0 comments

Developers have the same identity no matter who they work for.

It makes sense to separate access ("this person has access to Example Corp's repos only as long as they work for Example Corp") from identity ("this person owns this account").

Introducing single-sign-on as one way to simplify login, and potentially as a second-factor for gaining access to repositories run by the business, makes sense. Making developers create entirely separate accounts doesn't.

0 comments

cstejerean9y ago

But it's not just about having access to example corp. If I log in to GitHub from my work laptop then my company technically has access to my personal GitHub account and the repos of any other organization I happen to belong to. It goes the other way around to. If an attacker hacks my personal laptop and I'm logged into GitHub then they have access to all of my companies repositories.

There are perfectly valid reasons for segregating accounts so that there is complete separation between them.

zawaideh9y ago

You company only managed your membership in the GitHub organization. It doesn't have access your personal account or the details within it.

cstejerean9y ago

It does if I am logged in on a company laptop and they control access to that laptop. (This is hypothetical in this case, I happen to know that the particular company I work at does not have any backdoors on my laptop).

JoshTriplettOP9y ago

That's why I'm saying it may make sense to separate identity from access.

zawaideh9y ago

It is the first scenario not the second. The person is gaining access to the GitHub organization via SAML SSO. They are bringing their own identity and do not lose access.

j / k navigate · click thread line to collapse

0 pointsJoshTriplett9y ago0 comments

Developers have the same identity no matter who they work for.

It makes sense to separate access ("this person has access to Example Corp's repos only as long as they work for Example Corp") from identity ("this person owns this account").

0 comments

cstejerean9y ago

There are perfectly valid reasons for segregating accounts so that there is complete separation between them.

zawaideh9y ago

You company only managed your membership in the GitHub organization. It doesn't have access your personal account or the details within it.

cstejerean9y ago

JoshTriplettOP9y ago

That's why I'm saying it may make sense to separate identity from access.

zawaideh9y ago

It is the first scenario not the second. The person is gaining access to the GitHub organization via SAML SSO. They are bringing their own identity and do not lose access.

j / k navigate · click thread line to collapse