|
[haiku-web]
||
[Date Prev]
[04-2008 Date Index]
[Date Next]
||
[Thread Prev]
[04-2008 Thread Index]
[Thread Next]
[haiku-web] Re: Trac migration to AccountManager
- From: "Urias McCullough" <umccullough@xxxxxxxxx>
- To: haiku-web@xxxxxxxxxxxxx
- Date: Wed, 9 Apr 2008 13:22:13 -0700
On 09/04/2008, Niels Reedijk <niels.reedijk@xxxxxxxxx> wrote:
> 2008/4/9, Jorge G. Mare <koki@xxxxxxxxxxxxxx>:
>
> > On Wed, 2008-04-09 at 12:37 -0700, Urias McCullough wrote:
> > > Now, is this reasonable in any short-term decision? Probably not. More
> > > web applications are adopting OpenID all the time - so I would expect
> > > both Drupal and Trac to support it either now, or in the near future.
> >
> >
> > Drupal has an OpenID module.
> >
> > http://drupal.org/project/openidurl
>
>
> Trac 0.11 too.
>
> http://www.trac-hacks.org/wiki/AuthOpenIdPlugin
>
> I will look at the available OpenID servers for a possible
> account.haiku-os.org. I am especially interested in seeing whether the
> server can run as a limited server (so that it only works within the
> haiku-os.org domain).
Well actually - we don't necessarily care if people with haiku-os.org
accounts use them for authentication elsewhere do we? (for example,
HUGs and community sites could even use a haiku-os.org openid server
for authentication of their members if they wanted to - without any
further work). Since there's no transfer of the user's authentication
data from the OpenID server to the site requesting authentication,
this is still secure by design.
I think the problem you proposed earlier is making sure that Trac and
Drupal only allow authentication from a server (or servers) that we
believe are trustworthy right?
I don't know if that's possible :)
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
|
|
