On 09/04/2008, Niels Reedijk <niels.reedijk@xxxxxxxxx> wrote:
> A while back I proposed OpenID as a possible solution. The definite
> downside of OpenID is - of course - the problems it has with trust.
> Especially if we start supplying OpenIDs, we will have the difficult
> task of being trustworthy, which in my opinion is for entities with
> funding and a professional full time system administrator.
>
> A possible idea is what I would call the 'account.haiku-os.org'
> system. Here there is a central server that stores account data, and
> it handles authentication, perhaps even using the OpenID protocol. The
> advantage of this system is that we do not have to become a trusted
> entity. Also, it can be extended to include other services in the
> future (such as when we will host our own subversion server, or for
> repos.haiku-os.org, or mailing lists, etc.).

I definitely like the idea of using a single "authentication" server that various Haiku-related applications can access for authentication purposes. I believe this is one of the goals and designs of OpenID - to provide for and allow authentication that any system could use. Where the authentication comes from is the flexible part - and if it was limited to only Haiku's "account.haiku-os.org" server, that seems reasonable.

If OpenID was used for this, then in theory, I could register on other OpenID-enabled sites using my Haiku OpenID for authentication. If later it was decided to allow OpenID authentication from other trusted OpenID services - that could be possible with minimal effort as well.

> The disadvantages will be that you will add dependencies between
> systems, and that this system still has to be investigated further.

AFAIK, it would add only one dependency to all systems - an authentication server itself. But on the other hand, if it was chosen to allow OpenID from other servers, that would decentralize the authentication process - I could maybe log in to Haiku's websites using my Gmail account or whatever if it also supported OpenID. Thus, it becomes a flexible solution.

That would also take the onus off Haiku to maintain a secure login and authentication system, and put the onus on the individuals to make sure they use a reputable service that they trust. At that point, if a given user's authentication service is down, they're the only ones affected, not the entire userbase of the Haiku website. It also becomes their problem to contact their provider and resolve the problem.

I don't know a huge amount about OpenID, but from the few discussions I've had - it seems like a really good option for web services that simply require user authentication, but don't necessarily want or need to maintain the authentication data itself.

Now, is this reasonable in any short-term decision? Probably not. More web applications are adopting OpenID all the time - so I would expect both Drupal and Trac to support it either now, or in the near future.

- Urias

-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List