On 09/04/2008, Niels Reedijk <niels.reedijk@xxxxxxxxx> wrote: > 2008/4/9, Jorge G. Mare <koki@xxxxxxxxxxxxxx>: > > > On Wed, 2008-04-09 at 12:37 -0700, Urias McCullough wrote: > > > Now, is this reasonable in any short-term decision? Probably not. More > > > web applications are adopting OpenID all the time - so I would expect > > > both Drupal and Trac to support it either now, or in the near future. > > > > > > Drupal has an OpenID module. > > > > http://drupal.org/project/openidurl > > > Trac 0.11 too. > > http://www.trac-hacks.org/wiki/AuthOpenIdPlugin > > I will look at the available OpenID servers for a possible > account.haiku-os.org. I am especially interested in seeing whether the > server can run as a limited server (so that it only works within the > haiku-os.org domain). Well actually - we don't necessarily care if people with haiku-os.org accounts use them for authentication elsewhere do we? (for example, HUGs and community sites could even use a haiku-os.org openid server for authentication of their members if they wanted to - without any further work). Since there's no transfer of the user's authentication data from the OpenID server to the site requesting authentication, this is still secure by design. I think the problem you proposed earlier is making sure that Trac and Drupal only allow authentication from a server (or servers) that we believe are trustworthy right? I don't know if that's possible :) ----------------------------------------------------------------------- haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List