First of all, thank you for this RFC, it’s exciting to see the progress on this field.
Personally I would have liked the option to add roles myself, selecting the appropriate permissions of my choice whenever possible. It’s hard to make a common hard-coded template that would match the policy and setup of any development team developing Marketplace apps, so I think customizability would be better here. I second @danielwester in the SSO consideration. Of course approved domains and such will have to follow as well, so we can keep control of who can be added as a participant. I would also like to see the option of access expiry, where we can choose betwen “Never” and a set of time periods like for example x months, 1 year, 2 years. Another access thing I would have liked to see, is OAuth Access to app ownership privileges for a service account that does CI/CD, instead of having to register such an account as a “normal” user.
If I understand correctly, can there still only be one person with “Owner” privileges? I think this setup is brittle, and would very much like to have to option of adding several people as Owner as well.
Cheers,
Elias