Date: prev next · Thread: first prev next last
2014 Archives by date, by thread · List index


On Tue, Nov 11, 2014 at 9:19 AM, Wols Lists <antlists@youngman.org.uk> wrote:
On 11/11/14 15:07, Norbert Thiebaud wrote:
On Mon, Nov 10, 2014 at 3:43 PM, David Ostrovsky <d.ostrovsky@gmx.de> wrote:

Just to inform you, that Google shuts down the OpenID 2.0
service on April 20, 2015, as explained in this announcement [1].

I know that some folks use it for Gerrit authentication.
Does github has a openid 2.0 service ? does it work with gerrit ?
What is the replacement that the gerrit project plan to use
(after all a lot of the project is google-centric no ? )

I think that the most promising alternative would be to set up OpenID
service on TDF infrastructure.
Do you know how to do that ?
But more to the point, what is the benefit of having a openid provider
for _one_ service...

I was thinking along those lines...

Would there be any interest amongst other Libre Software projects in
maintaining a shared OpenID infrastructure?

That is not the axes I was describing.. I was not talking about the
issue of shrea/duplicated infrastructure but the issue from the user
perspective... well from _this_ user perspective.
1/ there is a need of an auth step
2/ that involve a key and/or a user/password
3/ where google openid is a big win for me is that, if I am already
logged-in to gmail, then I get gerrit login for 'free' no additional
user/password to type.
4/ having a tdf openid (or any other openid for that matter) is
negating that benefit unless I am already logged in to another service
sharing that openid.. Which I do not.
So your mileage may vary, but for me, if it is not gmail centric then
there is no difference between openid and a regular user/password
scheme.
5/ if it is just a matter of having a 'shared' openid, hosted by an
open source project.. then, as Bjoern mentioned, there is already
launchpad to fulfill that function. it already exist, is widely used,
has to have a well supported and maintained infra behind it that
guarantee a very high uptime, and has already strong incentive to make
sure the thing is as secured as it can be... I do not see the point of
re-inventing the wheel. we have better things to do with our infra
than indulge in NIH syndrome.

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.