
[haiku-web] Re: Trac migration to AccountManager
- From: "Niels Reedijk" <niels.reedijk@xxxxxxxxx>
- To: haiku-web@xxxxxxxxxxxxx
- Date: Wed, 9 Apr 2008 22:28:33 +0200
Hi Urias,

2008/4/9, Urias McCullough <umccullough@xxxxxxxxx>:
> On 09/04/2008, Niels Reedijk <niels.reedijk@xxxxxxxxx> wrote:
>
> > 2008/4/9, Jorge G. Mare <koki@xxxxxxxxxxxxxx>:
> >
> > > On Wed, 2008-04-09 at 12:37 -0700, Urias McCullough wrote:
> > > > Now, is this reasonable in any short-term decision? Probably not. More
> > > > web applications are adopting OpenID all the time - so I would expect
> > > > both Drupal and Trac to support it either now, or in the near future.
> > >
> > >
> > > Drupal has an OpenID module.
> > >
> > > http://drupal.org/project/openidurl
> >
> >
> > Trac 0.11 too.
> >
> > http://www.trac-hacks.org/wiki/AuthOpenIdPlugin
> >
> > I will look at the available OpenID servers for a possible
> > account.haiku-os.org. I am especially interested in seeing whether the
> > server can run as a limited server (so that it only works within the
> > haiku-os.org domain).
>
>
> Well actually - we don't necessarily care if people with haiku-os.org
> accounts use them for authentication elsewhere do we? (for example,
> HUGs and community sites could even use a haiku-os.org openid server
> for authentication of their members if they wanted to - without any
> further work). Since there's no transfer of the user's authentication
> data from the OpenID server to the site requesting authentication,
> this is still secure by design.

Not quite. My problem is not so much that I do not trust the
authentication of other providers, but that if we are providing our
own authentication provider, we have a sort of moral duty to start
protecting the data of the users in more thorough ways than we do now.
I don't think we have the man-power to do that. Actually, if we really
want to protect this data, it would mean that it should be on a server
that is fully controlled by us and not by anyone else. And that is not
the case.

> I think the problem you proposed earlier is making sure that Trac and
> Drupal only allow authentication from a server (or servers) that we
> believe are trustworthy right?

That is not my worry. We could always demand a 'trusted' OpenID
provider if the user is to get more privileges and rights on the
service. For regular usage, I do not believe it will cause any more
problems than it currently can.

N.
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
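
The policy discussed in the message above (any verified OpenID provider for regular use, a trusted provider for extra privileges), as an added example that is not part of the original thread or of Trac or Drupal. It assumes the relying party has already completed OpenID verification and passes in the verified provider endpoint URL; the role names and the allowlist are hypothetical, and account.haiku-os.org is only the hostname floated in the thread.

```python
from urllib.parse import urlsplit

# Assumption: hosts the project has decided to trust for privileged accounts.
TRUSTED_PROVIDER_HOSTS = frozenset({"account.haiku-os.org"})

# Hypothetical role names that require a trusted provider.
PRIVILEGED_ROLES = frozenset({"developer", "admin"})


def provider_host(op_endpoint):
    """Return the lowercased host of a verified provider endpoint, or None.

    Only https on the default port is accepted, and URLs carrying userinfo
    are rejected, so 'https://account.haiku-os.org@other.example/' cannot
    pass as the trusted host.
    """
    try:
        parts = urlsplit(op_endpoint.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if port not in (None, 443) or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def may_grant(role, op_endpoint):
    """Regular roles accept any verified provider; privileged roles need
    an exact host match against the allowlist (no suffix matching)."""
    if role not in PRIVILEGED_ROLES:
        return True
    return provider_host(op_endpoint) in TRUSTED_PROVIDER_HOSTS


if __name__ == "__main__":
    # Constructed sample endpoints, not taken from any real deployment.
    samples = [
        "https://account.haiku-os.org/server",
        "https://account.haiku-os.org.evil.example/server",
        "https://account.haiku-os.org@other.example/",
        "http://account.haiku-os.org/server",
    ]
    for url in samples:
        print(url, "->", may_grant("developer", url))
```

The check belongs at every login rather than only at account creation, so a change of provider behind an identity removes the extra privileges on the next sign-in.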