[Yanel-dev] OpenID patch

Michael Wechner michael.wechner at wyona.com
Thu Jan 17 00:35:56 CET 2008


Evaldas Taroza wrote:

> Michael Wechner wrote:
>
>> Evaldas Taroza wrote:
>>
>>> Hi everyone,
>>>
>>> I did a simple implementation for logging in with an OpenID. 
>>> After applying the patch *joid.jar and tsik.jar* must be in the 
>>> dependencies. I believe these libraries should be put into Wyona's 
>>> Maven repository.
>>
>>
>>
>> Are there no other public maven where these libs are being hosted 
>> (e.g. ibiblio, maven itself)?
>
>
> I could not find them on the web.
> I use joid.jar and tsik.jar as downloaded from SVN together with all 
> the sources.


I guess you mean here

http://joid.googlecode.com/svn/

but what about tsik.jar

http://code.google.com/p/joids/issues/detail?id=1

?

I guess you got it from

http://joid.googlecode.com/svn/trunk/lib/

right?

But can one get the source of tsik.jar? And what is the license?

> Official joid-1.0.2.jar as downloaded from the 
> http://code.google.com/p/joid/downloads/list does not include many 
> helper classes, e.g. OpenIDFilter
>
> So we could use those two jars with version 1.0.2-SVN, or something 
> like that.


So you mean we should build our own lib based on the most recent SVN 
version, e.g. Revision 80?

And we could call it within our maven dir something like 
joid-1.0.3-dev-r80.jar

WDYT?

Thanks

Michi

>
>>
>> If not, what versions are these libs (?), such that we can add a 
>> version to the Wyona maven repo
>>
>>>
>>> There are several issues though:
>>> 1. When someone logs in with an OpenID a respective user in Yanel is 
>>> created. It is not clear which policies this user should have nor to 
>>> which group it should belong...
>>
>>
>>
>> I would say none. Also I don't think such a user should be created by 
>> default, because it would mean a big security hole, but I understand 
>> it depends on the situation, e.g.
>>
>> - NO: http://www.wyona.com/
>> - YES: http://foaf.wyona.org/
>
>
> I agree this will depend on the application, because every realm can 
> have its own default policies
>
>>
>> Also, how to configure the trusted OpenID providers.
>>
>> How can we make this configurable or moderateable?
>
>
> Trusted providers can simply be a list of providers with an assigned 
> trust level. I would say that the domain of an OpenID can be assigned 
> default policies. E.g. *.myopenid.com - editor, *.aol.com - reader. 
> Managing by domain could also solve the problem of creating a user 
> inside Yanel, because the profile info is on the provider.
>
>
>>
>>> So now I preinsert openid-yanel users into some groups, e.g. I put 
>>> http---evaldas.taroza.myopenid.com into 
>>> ac-identities/groups/editor.xml and then when I log in with my 
>>> http://evaldas.taroza.myopenid.com I get the editor privileges. 
>>> (Note that the Yanel user id is made out of OpenID by replacing 
>>> special characters, like , * : / & by a dash)
>>
>>
>>
>> I guess this would be custom and hence we need to provide a way that 
>> developers/integrators can change this.
>>
>
> Yes, that's more like a workaround for testing than a normal 
> implementation.
>
> Evaldas
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management - Yanel, Yulup
http://www.wyona.com
michael.wechner at wyona.com, michi at apache.org
+41 44 272 91 61
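
The two ideas discussed in this thread (default groups per provider domain, and the dash-replaced Yanel user id), sketched as an added example that is not part of the original mail or of the Yanel patch. The class name, the sample identifiers other than evaldas.taroza.myopenid.com, and the exact set of replaced characters are assumptions. It shows matching on the parsed host with no privileges as the default, and that the dash mapping is lossy.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class OpenIdTrustExample {
    // Constructed sample policy: provider domain -> default group, as proposed in the thread.
    static final Map<String, String> DOMAIN_GROUPS = new LinkedHashMap<>();
    static {
        DOMAIN_GROUPS.put("myopenid.com", "editor");
        DOMAIN_GROUPS.put("aol.com", "reader");
    }

    /** Default group for an OpenID, or null (no privileges) when the provider is not listed. */
    static String defaultGroup(String openId) {
        String host;
        try {
            host = URI.create(openId).getHost();
        } catch (IllegalArgumentException e) {
            return null; // malformed identifier: grant nothing
        }
        if (host == null) return null;
        host = host.toLowerCase(Locale.ROOT);
        for (Map.Entry<String, String> e : DOMAIN_GROUPS.entrySet()) {
            String d = e.getKey();
            // Compare against the parsed host only: the domain itself or a true subdomain.
            if (host.equals(d) || host.endsWith("." + d)) return e.getValue();
        }
        return null;
    }

    /** The workaround from the thread: special characters replaced by a dash (set assumed). */
    static String yanelId(String openId) {
        return openId.replaceAll("[,*:/&]", "-");
    }

    public static void main(String[] args) {
        String[] ids = { // constructed test identifiers
            "http://evaldas.taroza.myopenid.com",    // editor
            "http://user.aol.com",                   // reader
            "http://myopenid.com.example.org",       // null: listed domain is not the host suffix
            "http://example.org/?u=.myopenid.com"    // null: listed domain appears only in the query
        };
        for (String id : ids) System.out.println(yanelId(id) + " -> " + defaultGroup(id));
        // Lossy mapping: two distinct identifiers produce the same Yanel user id (prints true).
        System.out.println(yanelId("http://a.example.org/b").equals(yanelId("http://a.example.org-b")));
    }
}
```

Because the mapping is not reversible, a group file keyed by the dashed id cannot tell such identifiers apart; keying on the full OpenID string avoids that.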


