[haiku-web] Re: Trac migration to AccountManager

  • From: "Urias McCullough" <umccullough@xxxxxxxxx>
  • To: haiku-web@xxxxxxxxxxxxx
  • Date: Wed, 9 Apr 2008 12:37:32 -0700

On 09/04/2008, Niels Reedijk <niels.reedijk@xxxxxxxxx> wrote:
>  A while back I proposed OpenID as a possible solution. The definite
>  downside of OpenID is - of course - the problems it has with trust.
>  Especially if we start supplying OpenIDs, we will have the difficult
>  task of being trustworthy, which in my opinion is for entities with
>  funding and a professional full time system administrator.
>
>  A possible idea is what I would call the 'account.haiku-os.org'
>  system. Here there is a central server that stores account data, and
>  it handles authentication, perhaps even using the OpenID protocol. The
>  advantage of this system is that we do not have to become a trusted
>  entity. Also, it can be extended to include other services in the
>  future (such as when we will host our own subversion server, or for
>  repos.haiku-os.org, or mailing lists, etc.).

I definitely like the idea of using a single "authentication" server
that various Haiku-related applications can access for authentication
purposes. I believe this is one of the goals and designs of OpenID -
to provide for and allow authentication that any system could use.
Where the authentication comes from is the flexible part - and if it
was limited to only Haiku's "account.haiku-os.org" server, that seems
reasonable.

If OpenID was used for this, then in theory, I could register on other
OpenID-enabled sites using my Haiku OpenID for authentication.

If later it was decided to allow OpenID authentication from other
trusted OpenID services - that could be possible with minimal effort
as well.

>  The disadvantages will be that you will add dependencies between
>  systems, and that this system still has to be investigated further.

AFAIK, it would add only one dependency to all systems - an
authentication server itself. But on the other hand, if it was chosen
to allow OpenID from other servers, that would decentralize the
authentication process - I could maybe log in to Haiku's websites using
my gmail account or whatever if it also supported OpenID. Thus, it
becomes a flexible solution. That would also take the onus off Haiku
to maintain a secure login and authentication system, and put the onus
on the individuals to make sure they use a reputable service that they
trust. At that point, if a given user's authentication service is
down, they're the only ones affected, not the entire userbase of the
Haiku website. It also becomes their problem to contact their provider
and resolve the problem.

I don't know a huge amount about OpenID, but from the few discussions
I've had - it seems like a really good option for web services that
simply require user authentication, but don't necessarily want or need
to maintain the authentication data itself.

Now, is this reasonable in any short-term decision? Probably not. More
web applications are adopting OpenID all the time - so I would expect
both Drupal and Trac to support it either now, or in the near future.

- Urias
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
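
An added example, not part of the original post or of any Haiku code: a relying-party policy gate that accepts OpenID assertions only from an allow-list of provider hosts, starting with account.haiku-os.org and extendable to other trusted providers later. The function names and the trusted set are hypothetical; `openid.mode` and `openid.op_endpoint` are OpenID 2.0 response fields, and the signature is assumed to have been verified already by an OpenID library.

```python
from urllib.parse import urlsplit

# Assumed policy (hypothetical): Haiku's own server only at first; add
# hosts here later to accept other trusted OpenID providers.
TRUSTED_PROVIDER_HOSTS = frozenset({"account.haiku-os.org"})


def provider_host(op_endpoint):
    """Return the normalized host of a provider endpoint URL, or None."""
    try:
        parts = urlsplit(op_endpoint)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https":      # plaintext endpoints are refused
        return None
    if parts.username is not None or parts.password is not None:
        return None                  # refuse "trusted-name@other-host" URLs
    if port not in (None, 443):
        return None
    if not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def is_trusted_provider(op_endpoint, trusted=TRUSTED_PROVIDER_HOSTS):
    """Exact host match only: no substring or suffix comparison."""
    host = provider_host(op_endpoint)
    return host is not None and host in trusted


def accept_assertion(params, trusted=TRUSTED_PROVIDER_HOSTS):
    """Policy gate for a positive assertion whose signature was already
    verified elsewhere (assumption); checks only who issued it."""
    if params.get("openid.mode") != "id_res":
        return False
    return is_trusted_provider(params.get("openid.op_endpoint", ""), trusted)
```

Opening the site to other providers is then a change to the trusted set rather than to the login code.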
