David Black added a comment - 03/Jun/2014 2:14 AM - edited From https://bitbucket.org/atlassian/atlassian-seraph/pull-request/4/ser-194-remove-support-for-os_username/diff#comment-2030730 . mlassau : So I suggest you have some small meetings with architect(s) from each product, formulate a migration plan, advertise that plan, and then bring it to the architect forum as a proposal. You can start with Brad Baker and I if you want, as I suspect that the Service Desk requirements will be amongst the most difficult. Lets not forget that in the original proposal: https://extranet.atlassian.com/display/DEV/Getting+rid+of+os_username+and+os_password There were four stages, plus a dependency on first implementing limited user-controlled token-based authentication that can be scoped to a specific URL pattern. I might suggest: Step 0) Find all the scenarios that currently rely on os_user / os_password Step 1) Document alternatives to os_user / os_password as asked for in https://jira.atlassian.com/browse/JRA-38548?focusedCommentId=605222&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-605222 Step 2) Implement cross-product token based authentication framework in Seraph or other with scope limits while working on this, you should liase with other teams interested in token-based auth and Service accounts eg Connect, App Links Step 3) Implement this framework with GUI management etc in at least one product as a proof of concept Step 4) Makes changes to Seraph to make os_user / os_password optional in a way that host apps can choose to have this on or off by default, and allow admins to configure it. (This can happen in a minor release like 2.7.0) Step 5) Educate host products about the options and encourage them to expose token-based auth and opt-out of os_user / os_password by default Step 6) Improve the documentation from Step 1) with new token-based auth Step 7) Wait a few years to allow all products and customers to wean themselves off os_user / os_password