(Updated for 0.1.0 release)
Line 1: | Line 1: | ||
This page is a specification of how OpenID authentication should work in Bugzilla. | This page is a specification of how OpenID authentication should work in Bugzilla. In OpenID nomenclature, this is about making Bugzilla an OpenID "consumer". | ||
'''[http://openid.net OpenID]''' is a decentralized authentication system which allows web server applications such as Bugzilla (known as "consumers") to authenticate users by URI. Through three different two-way conversations (user to consumer, user to server, consumer to server), the consumer can test a user's ownership of a URI without having to receive a password directly from the user, thus not needing to collect and store passwords. | '''[http://openid.net OpenID]''' is a decentralized authentication system which allows web server applications such as Bugzilla (known as "consumers") to authenticate users by URI. Through three different two-way conversations (user to consumer, user to server, consumer to server), the consumer can test a user's ownership of a URI without having to receive a password directly from the user, thus not needing to collect and store passwords. | ||
== Status == | |||
An initial version 0.1.0 has been submitted to the BZ tracker: | |||
* [https://bugzilla.mozilla.org/attachment.cgi?id=188009 Patch against BZ/CVS from 2005-07-01 (2.19.3+)] | |||
* [https://bugzilla.mozilla.org/attachment.cgi?id=188010 New Bugzilla/Auth/Verify/OpenID.pm module] | |||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=294608#c5 "Release Notes"] | |||
== Open Issues == | == Open Issues == | ||
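Review bot: The new Status section says 0.1.0 "has been submitted to the BZ tracker" without naming the bug; the only pointer is the show_bug.cgi?id=294608#c5 link labelled "Release Notes". Put the bug number in the sentence itself so the two attachment links (188009 and 188010) have context, and say that the patch applies against the 2005-07-01 CVS snapshot (2.19.3+) while OpenID.pm is a new file to be added alongside it. Separately, the sentence added to the intro introduces "consumer" one line before the following paragraph defines it again ('known as "consumers"'); keep the definition in one place.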
Line 10: | Line 18: | ||
** Currently still using email. Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first. | ** Currently still using email. Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first. | ||
* Should email verification process still occur? | * Should email verification process still occur? | ||
** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address. That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong | ** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address. That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong. Current version must be used in tandem with DB. | ||
* Should a confirm hash style verification (ala Mailman or GForge) be created, as opposed to mailing a password to the user | * Should a confirm hash style verification (ala Mailman or GForge) be created, as opposed to mailing a password to the user | ||
** | ** Awaiting fix for [https://bugzilla.mozilla.org/show_bug.cgi?id=87795 Bugzilla Bug 87795 Creating an account should send token and wait for confirmation (prevent user account abuse)] | ||
* How should createaccount.cgi modification be done? | * How should createaccount.cgi modification be done? | ||
** It's tempting to restructure this code, creating a new Bugzilla->create_account($cgi) method, and moving the current code into Bugzilla/Auth/Login/WWW/CGI.pm | ** It's tempting to restructure this code, creating a new Bugzilla->create_account($cgi) method, and moving the current code into Bugzilla/Auth/Login/WWW/CGI.pm . Current version just relies on existing code, pretty much unmodified, so you must sign up for an account using old-fashioned means, and then associate an OpenID in the prefs. | ||
== Other Links == | == Other Links == |
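Review bot: In the email verification item, the added sentence "Current version must be used in tandem with DB" leaves "DB" undefined; spell out which Bugzilla login/verify method is meant and what that implies for the user. The createaccount.cgi item already states the practical consequence (sign up by "old-fashioned means", then associate an OpenID in the prefs), so the two items should say the same thing in the same terms or cross-reference each other. Since the open question is whether email verification still occurs, it would also help to state explicitly that in 0.1.0 the email address is still verified by the existing account creation flow and the OpenID is only bound to an already-verified account. Minor: there is a stray space before the period in "CGI.pm ." and the sentence ending "mailing a password to the user" has no terminal punctuation.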