On Thu, Jun 21, 2012 at 10:13:38AM +0100, Michael Meeks wrote:
On Wed, 2012-06-20 at 22:46 +0200, Bjoern Michaelsen wrote:
we vaguely considered running a TDF OpenID provider in the distant future,
but so shied away from that for the nontrivial cost (security is hard to
get right)
I imagine if Lionel wanted to re-open that decision, and has
done the work anyway to get an openID server setup,
In short: I've done the work for a small-scale OpenID server (from one
user to a few users, each user being configured manually in a text
file). The implementations I've looked at would most probably not be
adequate for a bigger setup like TDF. Security being one of my core
interests, if there would be interest in a TDF OpenID provider, I
could be interested in participating in its setup, but we'd probably
select a more "large scale" implementation that the ones I now have
experience with.
In particular, local-openid is intrinsically single-user; but one can
run multiple copies of it :) (that is partially a joke; running it on
a machine that anybody else than you has a shell account on has
security implications I'd need to think about how to resolve). Part of
its appeal is that it is not run "system-wide", but that the user that
wants to authenticate runs it hirself from a shell account.
The other implementation I've setup is SimpleID; that's the one where
each user is configured manually in a text file, but we can delegate
that to the user hirself through symlinks. Security-wise, the password
is stored as an *unsalted* hash, but that would be easy enough to
change should we want to.
--
Lionel
Context
Re: [ANN] Please use Gerrit from now on for Patch Review · Norbert Thiebaud
Re: [libreoffice-projects] [ANN] Please use Gerrit from now on for Patch Review · Petr Mladek
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.