From hughsient at gmail.com Mon Jul 2 17:21:59 2018 From: hughsient at gmail.com (Richard Hughes) Date: Mon, 2 Jul 2018 18:21:59 +0100 Subject: [Lvfs-announce] Adding ODM accounts for OEMs Message-ID: Hi all, We've just deployed another feature to the LVFS that might be useful to some of you. First, some nomenclature: OEM = Original Equipment Manufacturer, the user-known company name on the outside of the device, e.g. Sony, Panasonic, etc ODM = Original Device Manufacturer, typically making parts for one or more OEM, e.g. Foxconn, Compal There are some OEMs where the ODM is the entity responsible for uploading the firmware to the LVFS. The per-device QA is typically done by the OEM, rather than the ODM, although it can be both. Before today we didn't have a good story about how to handle this other than having a "fake" oem_odm at oem.com useraccounts that were shared by all users at the ODM. The fake account isn't of good design from a security or privacy point of view and so we needed something better. The LVFS administrator can now mark other vendors as "affiliates" of other vendors. This gives the ODM permission to upload firmware that is "owned" by the OEM on the LVFS, and that appears in the OEM embargo metadata. The OEM QA team is also able to edit the update description, move the firmware to testing and stable (or delete it entirely) as required. The ODM vendor account also doesn't have to appear in the search results or the vendor table, making it hidden to all users except OEMs. This also means if an ODM builds firmware for two different OEMs, they also have to specify which vendor should "own" the firmware at upload time. This is achieved with a simple selection widget on the upload page, but will only be shown if affiliations have been set up. The ODM is able to manage their user accounts directly, either using local accounts with passwords, or ODM-specific OAuth which is the preferred choice as it means there is only one place to manage credentials. If anyone needs more information, would like me to set up additional ODM accounts for them, or has any concerns, please email me off list. Thanks! Richard