On Sun, Aug 10, 2014 at 12:41 PM, Philipp Kaluza <floss@ghostroute.eu> wrote:
Hi Robinson, Jean, Alexander, and everybody else interested in SSO,
:-)
I'd hate to have a huge discussion about the pros and cons of each
here; I think we'll need to decide based on available volunteer experience.
Available experience is helpful, but I think we shouldn't dismiss
something new if we think that it's the best path forward.
Connecting services to the directory is a pain in each individual
instance, so I'd like to see a list of services that actually should use
this shared user database.
I'll start:
- libo machines' admin users
- redmine [2]
(shouldn't be much harder than trac, which I've done)
AskLibreOffice, Gerrit, and Redmine all use/support OpenID right now.
Additional services that should/could use shared user database:
MozTrap
Silverstripe (?)
Conference site
Conference registration (if separate)
ownCloud
TDF Wiki
Mailing list subscriptions/prefs?? (right now there's no
user-interface GUI at all)
The report in [2] also talks about bugzilla, which I think will be a
major pain in either case, so I'm not listing it here as realistic.
[2] https://redmine.documentfoundation.org/issues/308
Bugzilla would be a huge win for us, especially as it's one of our
primary mechanisms for interaction w/users. It would also allow us to
do some nifty things between Bugzilla/AskLibreOffice in the future.
On the topic of SSO via OpenID, I'd like to point to a similar
discussion happening in Gnome currently. [3] [4]
[3] https://www.dragonsreach.it/2014/08/05/back-from-guadec-2014/
[4] http://patrick.uiterwijk.org/2014/07/28/gnome-authentication/
[5] https://id.gnome.org/
Wow! That's sounding pretty awesome, especially the integration with
Bugzilla and ownCloud, as we use those services as well. Good thing
that we're friends with the Gnome folks...maybe we can invite them for
a chat :-)
If we go for web-based SSO, I like the interface that Canonical is
running (login.ubuntu.com / login.launchpad.net) - two separate login
pages using the same credentials database, which is a horrible hack for
legacy reasons. But the interface seems well-integrated, and I can ask
my browser to keep cookies from a single site.
Yeah, don't get me started on what happened with Launchpad/Ubuntu
One/whatever. Lesson learned: Make sure that your users know what's
changing and how before you re-brand or change systems around.
On the backend side: most of these "let's deploy a web-SSO" solutions
run on a relational database in the backend, which I'm not too keen on
for security reasons. The admins would need to make sure there's a
dedicated, well-secured database server. If anybody knows one that can
use LDAP as a credentials store, please point it out.
What would be the alternative for storing data on the backend?
still quoting Jean:
with the ultimate aim to reduce the
burden which comes from having an additional user account (needing to
remember credentials, etc.).
I'd explicitly name reducing administrator / moderator burden as well.
If this creates more work, we'll not establish a solution that will be
maintained and used long-term.
Yes, simplifying burden for admins/mods is another big piece of the
puzzle. To speak directly to both Jean's point and Philipp's point,
many of the inquiries we receive regarding AskLibreOffice are related
to login problems and/or a desire not to have to trust a 3rd party for
an OpenID server. If we run our own identity server and provide
centralized, documented instructions on how to log-in, I think we'd
greatly improve the user and moderator experience with multiple pieces
of our infra.
Best,
--R
--
Robinson Tryon
LibreOffice Community Outreach Herald
Senior QA Bug Wrangler
The Document Foundation
qubit@libreoffice.org
--
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted