From: Tim Cross
Newsgroups: gmane.emacs.devel
Subject: Re: gmail+imap+smtp (oauth2)
Date: Tue, 10 May 2022 17:51:27 +1000
Message-ID: <87y1z9dcn2.fsf@gmail.com>
References: <87o805q2tm.fsf@logand.com>
In-reply-to: <87o805q2tm.fsf@logand.com>
To: Tomas Hlavaty
Cc: rms@gnu.org, fitzsim@fitzsim.org, jostein@kjonigsen.net, emacs-devel@gnu.org

Tomas Hlavaty writes:

> On Mon 09 May 2022 at 10:01, Tim Cross wrote:
>>> In case a school demands you have a Gmail account, it would be useful
>> [...]
>> There is no way any institution would support such a workflow. Apart
>> from the additional resource demands, it would raise lots of questions
>> regarding staff knowing student's email passwords. In many
>> schools/Universities, email is considered an official record and many
>> critical workflows are based around it (enrolling, unenrolling,
>> assignment submission, various approval processes etc).
>
> When a school/university demands gmail account
> and google locks me out of my gmail account,
> what happens?

When a school/university makes a decision to use Google as their email
provider, it isn't 'normal' google - it is your school/university's
email, essentially hosted by google. As such, your institution controls
access, not google.
Google just provides the service to your school/university.

Often, the setup involves integration with your school/university IAM
system i.e. your 'identity' (your username) is managed by the
school/university. This integration makes it easier for existing
school/university workflows to continue i.e. onboarding of new
students/staff, removal of accounts when students/staff leave etc. It
also makes integration with other services, such as on-line LMS (Moodle,
Blackboard etc) easier as there is just one 'meta directory' of all
accounts.

This is where oauth2 shows its strengths. Your institution essentially
becomes an identity provider which Google trusts. When you request
authorisation credentials, they are provided by your institution's IAM
system. Your client then submits those authorisation credentials to get
an access token from Google which you then submit to the Google service
you want to access (i.e. email).

So, if you're locked out, it is because your institution has decided to
lock you out, not Google.

Of course, the real solution here is that schools/universities should
just get out of the business of providing email services to
students. Instead, they should update their workflows to allow a student
to specify what their email is and just leave it at that. Nearly every
student who goes to a University or school already has an email
address. Being forced to have a new one is not necessarily a 'benefit'
(things have progressed since the 80's where most people didn't have an
email account).

For staff, slightly different situation. Email is considered official
records of the institution, so it is fair enough that the email account
you get as a staff member is actually part of your work relationship
with the institution and not your private email. Unfortunately, it isn't
that clean cut, especially for researchers etc who often associate their
email address with published articles/research. Things get messy when
the individual changes institutions.
That is why there are a number of initiatives for having
institution-independent identifiers that can be used. Unfortunately,
there is more than one such scheme, so it will likely take a few more
years before everything becomes standardised and consistent.

(Things get even more complex with respect to research data, especially
when that data is collected through complex funding from private and
public bodies - identifying who actually owns the data and who is
responsible for on-going costs associated with storing/hosting valuable
research data can be complex and difficult to manage.)