[haiku-web] Re: Trac migration to AccountManager

  • From: "Niels Reedijk" <niels.reedijk@xxxxxxxxx>
  • To: haiku-web@xxxxxxxxxxxxx
  • Date: Wed, 9 Apr 2008 20:37:53 +0200

Hi Axel,

2008/4/9, Axel Dörfler <axeld@xxxxxxxxxxxxxxxx>:
> I know what you are getting at, but IMO it's just a poor excuse to do
>  it right (which might be perfectly explained by limited resources,
>  though).

Well, doing it right is, at the moment, not that easy to determine. I
have several thoughts running through my mind. Personally, I like the
connection between the systems, but keeping this system in the current
state where the communication between the databases is no longer
behind the same firewall, is definitely the wrong approach.

A while back I proposed OpenID as a possible solution. The definite
downside of OpenID is - of course - the problems it has with trust.
Especially if we start supplying OpenIDs, we will have the difficult
task of being trustworthy, which in my opinion is for entities with
funding and a professional full time system administrator.

A possible idea is what I would call the 'account.haiku-os.org'
system. Here there is a central server that stores account data, and
it handles authentication, perhaps even using the OpenID protocol. The
advantage of this system is that we do not have to become a trusted
entity. Also, it can be extended to include other services in the
future (such as when we will host our own subversion server, or for
repos.haiku-os.org, or mailing lists, etc.).

The disadvantages will be that you will add dependencies between
systems, and that this system still has to be investigated further.

>  Of course they are different services, as is Google mail, Blogger, you
>  name it. But there is only one provider of the service, and having to
>  create more than one account is just annoying. It's perfectly fine to
>  have a user database that serves different purposes.

Well, see the account.haiku-os.org. You know, the big problem is not
the account database, but rather finding the best semantics to share
the account data. The account.haiku-os.org idea would probably work
like this: (example)

- nielx wants to log in on www.haiku-os.org.

- The system directs a request to https://account.haiku-os.org/ with a
log in request. This login request contains a request ID, which is
encoded with the public key of account.haiku-os.org.

- The account.haiku-os.org site shows a login page. Nielx logs in.

- account.haiku-os.org accepts the log in. It will encrypt a short bit
of XML with data such as the email address, registration date, full
name, country of residence, and what more. It will be encrypted with the
public key of www.haiku-os.org. It will also contain a handshake based
on the request id that was sent.

- The user will be redirected to www.haiku-os.org and is logged in.

I imagine there would be solutions to perform this, but I still have
to find them. At this point I'm not sure yet what to do. I do not know
yet if spending time on this is efficient.

N.
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
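
Added example, not part of the original post or of any Haiku code: a sketch of the check www.haiku-os.org would run on the reply in the flow described above, so that a reply is accepted only for a request ID it issued, only once, and only while fresh. The email does not say how the handshake is computed; this assumes an HMAC-SHA256 over the request ID and account data under a key the two sites share, and leaves out the public-key encryption of the messages. All names and the 300-second lifetime are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

REQUEST_TTL = 300  # seconds a login request stays valid (assumed value)

def handshake(key: bytes, request_id: str, account) -> str:
    """Bind the account data to one request ID (assumed HMAC construction)."""
    body = json.dumps([request_id, account], sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def account_server_reply(key: bytes, request_id: str, account: dict) -> dict:
    """Role of account.haiku-os.org after the user has logged in."""
    return {"request_id": request_id, "account": account,
            "handshake": handshake(key, request_id, account)}

class RelyingParty:
    """Role of www.haiku-os.org: issues request IDs and checks replies."""
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.pending = {}  # request_id -> time it was issued

    def new_request(self, now=None) -> str:
        request_id = secrets.token_urlsafe(16)  # unguessable, one per login
        self.pending[request_id] = time.time() if now is None else now
        return request_id

    def accept(self, reply: dict, now=None):
        now = time.time() if now is None else now
        rid = reply.get("request_id")
        # pop() makes each request ID single-use, so a captured reply cannot be replayed
        issued = self.pending.pop(rid, None) if isinstance(rid, str) else None
        if issued is None:
            raise ValueError("unknown or already used request ID")
        if now - issued > REQUEST_TTL:
            raise ValueError("login request expired")
        expected = handshake(self.key, rid, reply.get("account"))
        got = str(reply.get("handshake", ""))
        if not hmac.compare_digest(expected.encode(), got.encode()):
            raise ValueError("handshake does not match request ID and account data")
        return reply.get("account")

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key for the demo
    rp = RelyingParty(key)
    # constructed account data
    reply = account_server_reply(key, rp.new_request(), {"email": "nielx@example.org"})
    print(rp.accept(reply))
```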
