[Yanel-dev] OpenID patch
Evaldas Taroza
etaroza at optaros.com
Wed Jan 16 10:03:50 CET 2008
Michael Wechner wrote:
> Evaldas Taroza wrote:
>
>> Hi everyone,
>>
>> I did a simple implementation for the logging in with an OpenID. After
>> applying the patch *joid.jar and tsik.jar* must be in the
>> dependencies. I believe these libraries should be put into Wyona's
>> Maven repository.
>
>
> are there no other public maven where these libs are being hosted (e.g.
> ibiblio, maven itself)?
I could not find them on the web.
I use joid.jar and tsik.jar as downloaded from SVN together with all the
sources. Official joid-1.0.2.jar as downloaded from the
http://code.google.com/p/joid/downloads/list does not include many
helper classes, e.g. OpenIDFilter.
So we could use those two jars with version 1.0.2-SVN, or something like
that.
>
> If not, what versions are these libs (?), such that we can add a version
> to the Wyona maven repo
>
>>
>> There are several issues though:
>> 1. When someone logs in with an OpenID a respective user in Yanel is
>> created. It is not clear which policies this user should have nor to
>> which group it should belong...
>
>
> I would say none. Also I don't think such a user should be created by
> default, because it would mean a big security hole, but I understand it
> depends on the situation, e.g.
>
> - NO: http://www.wyona.com/
> - YES: http://foaf.wyona.org/
I agree this will depend on the application, because every realm can
have its own default policies
>
> also how to configure the trusted openID providers.
>
> How can we make this configurable or moderateable?
Trusted providers can simply be a list of providers with an assigned
trust level. I would say that the domain of an OpenID can be assigned
default policies. E.g. *.myopenid.com - editor, *.aol.com - reader.
Managing by domain could also solve the problem of creating a user
inside Yanel, because the profile info is on the provider.
>
>> So now I preinsert openid-yanel users into some groups, e.g. I put
>> http---evaldas.taroza.myopenid.com into
>> ac-identities/groups/editor.xml and then when I log in with my
>> http://evaldas.taroza.myopenid.com I get the editor privileges. (Note
>> that the Yanel user id is made out of the OpenID by replacing special
>> characters, like , * : / & by a dash)
>
>
> I guess this would be custom and hence we need to provide a way that
> developers/integrators can change this.
>
Yes, that's more like a workaround for testing than a normal implementation.
Evaldas
--
+41 79 616 53 76
Optaros - www.optaros.com
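
An added example, not part of the original message and not code from the Yanel patch or from joid: a sketch of the per-domain default roles and of the OpenID-to-user-id derivation discussed above. The class name, method names and the sample policy are hypothetical, and the replaced character set is assumed to be exactly the characters listed in the message.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;

public class OpenIdDomainPolicy {
    // Constructed sample policy using the two domains named in the message.
    private static final Map<String, String> ROLE_BY_DOMAIN = new LinkedHashMap<>();
    static {
        ROLE_BY_DOMAIN.put("myopenid.com", "editor");
        ROLE_BY_DOMAIN.put("aol.com", "reader");
    }

    /** Default role for an OpenID URL; empty when the provider is not listed. */
    static Optional<String> defaultRole(String openId) {
        String host;
        try {
            URI uri = new URI(openId);
            String scheme = uri.getScheme();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                return Optional.empty();
            }
            host = uri.getHost(); // parsed host, not a substring of the raw URL
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        if (host == null) return Optional.empty(); // fail closed
        host = host.toLowerCase(Locale.ROOT);
        for (Map.Entry<String, String> entry : ROLE_BY_DOMAIN.entrySet()) {
            // "*.domain" means a subdomain: require the dot as a label boundary.
            if (host.endsWith("." + entry.getKey())) return Optional.of(entry.getValue());
        }
        return Optional.empty();
    }

    /** Id derivation as described in the message (assumed set: , * : / &). */
    static String yanelUserId(String openId) {
        return openId.replaceAll("[,*:/&]", "-");
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "http://evaldas.taroza.myopenid.com", "http://user.aol.com/",
            "http://myopenid.com.other.example/", "http://notmyopenid.com/",
            "http://a.example/b", "http://a.example-b" };
        for (String s : samples) {
            System.out.println(s + " -> role=" + defaultRole(s).orElse("none")
                + " id=" + yanelUserId(s));
        }
    }
}
```

The last two constructed inputs are different OpenIDs that derive the same Yanel user id, so a derivation of this kind needs a uniqueness check (or a reversible encoding) before the id is used as a key in a group file such as ac-identities/groups/editor.xml.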