author: Lars Wirzenius <liw@liw.fi> 2018-03-25 15:09:00 +0300
committer: Lars Wirzenius <liw@liw.fi> 2018-03-25 15:09:00 +0300
commit: a4220e48eb649ec4d9f4cd8a26129ef47fa09261
tree: 7244e058eefb44a4ed487f49feb1127d733fecf9 /architecture.mdwn
parent: 8ef70e64a71bda5f6d72dfd664576d11dd460015
Change: clarify section on IDP
Diffstat (limited to 'architecture.mdwn')
-rw-r--r-- architecture.mdwn 16
1 files changed, 14 insertions, 2 deletions
diff --git a/architecture.mdwn b/architecture.mdwn
index 1c4f7fb..eee89a1 100644
--- a/architecture.mdwn
+++ b/architecture.mdwn
@@ -214,9 +214,12 @@ to all API providers at deployment time.
Getting an access token
-----------------------------------------------------------------------------
-(We don't have an IDP for handing out access tokens. Each API client
+(FIXME: We don't have an IDP for handing out access tokens. Each API client
gets the RSA key pair to sign tokens itself. This will be fixed
-later.)
+later. We will be using [Qvisqve][] as the IDP and OAuth2 client
+credentials grants for getting access tokens.)
+
+[Qvisqve]: http://www.qvarn.org/qvisqve/
The API client (user's command line tool, a putative web app, git
server, worker-manager, etc) authenticates itself to the IDP, and if
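Review bot: The parenthetical FIXME says each API client gets the RSA key pair to sign tokens itself, but it does not spell out what that means for the rest of this section: until the IDP exists, any client holding the key can sign a token for itself, so the paragraph that follows ("The API client ... authenticates itself to the IDP") describes the planned flow, not the current one. Suggest saying so explicitly in the FIXME and marking which paragraphs describe future behaviour. Separately, the `[Qvisqve]:` reference uses an http:// URL; prefer https:// if the site serves it.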
@@ -238,6 +241,15 @@ privileges by the sysadmin.
All API calls need a token. Getting a token happens the same way for
every API client.
+FIXME: The exception, at least for now, is the API call to trigger a
+project build. This is currently un-authenticated, to avoid
+difficulties in distributing credentials to git servers. We will
+eventually make that API call also require authentication and add a
+"trigger service", with an unauthenticated API call that git servers
+can use to notify of changes in a git repository. The trigger service
+will examine the change and decide if it warrants a build to be
+triggered.
+
Worker (worker-manager) registration
-----------------------------------------------------------------------------
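Review bot: The unchanged sentence just above the added FIXME, "All API calls need a token", is now contradicted by the paragraph that follows it; reword it (for example "All API calls except the build trigger need a token") so a reader skimming the section does not take the stronger claim at face value. The FIXME should also say what limits misuse of the un-authenticated trigger call in the meantime, since as written anyone who can reach the API can start a build. The planned trigger service still exposes an unauthenticated call, so the criteria it uses to "decide if it warrants a build" deserve at least a sentence.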