Badges to Indicate Group Membership on Usernames
Problem to solve
Badges could be added to usernames that indicate:
- is a member of the group for the current issue/MR/etc.
- User is a member of a group in which I am also a member.
- User account is a Group SAML managed account. Badge could be group favicon.
While 3 may still be spoofed with effort, hopefully multiple matching entries would appear suspicious and result in a report.
Intended users
This features is for all users.
Further details
Even withing GitLab, we have struggled with ways to verify our official accounts as GitLab team members, and for those team members with both work and personal accounts, being able to tell the difference when they both appear in searches. While this will not allow non-GitLab team members to positively identify a GitLab team member until we have SAML and group managed accounts for gitlab-com
and gitlab-org
groups, this will be a first iteration towards increasing multi-tenancy features.
Proposal
Permissions and Security
If a group managed accounts for a private group, membership should not be display for any user not in the group.
Documentation
Availability & Testing
What does success look like, and how can we measure that?
We continue to receive customer concerns about cross-group interaction and HackerOne reports about the potential for phishing using similar looking usernames on GitLab.com. This should reduce customer concerns and those reports.