[Yanel-dev] OpenID patch
Michael Wechner
michael.wechner at wyona.com
Thu Jan 17 00:41:22 CET 2008
Michael Wechner wrote:
> Evaldas Taroza wrote:
>
>> Michael Wechner wrote:
>>
>>> Evaldas Taroza wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> I did a simple implementation for the logging in with an OpenID.
>>>> After applying the patch *joid.jar and tsik.jar* must be in the
>>>> dependencies. I believe these libraries should be put into Wyona's
>>>> Maven repository.
>>>
>>>
>>>
>>>
>>> are there no other public maven where these libs are being hosted
>>> (e.g. ibiblio, maven itself)?
>>
>>
>>
>> I could not find them on the web.
>> I use joid.jar and tsik.jar as downloaded from SVN together with all
>> the sources.
>
>
>
> I guess you mean here
>
> http://joid.googlecode.com/svn/
>
> but what about tsik.jar
>
> http://code.google.com/p/joids/issues/detail?id=1
>
> ?
>
> I guess you got it from
>
> http://joid.googlecode.com/svn/trunk/lib/
>
> right?
>
> But can one get the source of tsik.jar? resp. what is the license?
I think I have found it
http://svn.apache.org/repos/asf/incubator/tsik/trunk/
whereas it seems to be dormant
http://incubator.apache.org/projects/tsik.html
http://marc2.theaimsgroup.com/?t=114227803100006&r=1&w=2
but we might to build the jar from the SVN
WDYT?
Cheers
Michi
>
>> Official joid-1.0.2.jar as downloaded from the
>> http://code.google.com/p/joid/downloads/list does not include many
>> helper classes, e.g. OpenIDFilter
>>
>> So we could use those two jars with version 1.0.2-SVN, or something
>> like that.
>
>
>
> so you mean we should build our own lib based on the most recent SVN
> version, e.g. Revision 80?
>
> And we could call it within our maven dir something like
> joid-1.0.3-dev-r80.jar
>
> WDYT?
>
> Thanks
>
> Michi
>
>>
>>>
>>> If not, what versions are these libs (?), such that we can add a
>>> version to the Wyona maven repo
>>>
>>>>
>>>> There is several issues though:
>>>> 1. When someone logs in with an OpenID a respective user in Yanel
>>>> is created. It is not clear which policies this user should have
>>>> nor to which group it should belong...
>>>
>>>
>>>
>>>
>>> I would say none. Also I don't tunk such a user should be created by
>>> default, because it would mean a big security hole, but I understand
>>> it depends on the situation, e.g.
>>>
>>> - NO: http://www.wyona.com/
>>> - YES: http://foaf.wyona.org/
>>
>>
>>
>> I agree this will depend on the application, because every realm can
>> have its own default policies
>>
>>>
>>> also how to configure the trusted openID providers.
>>>
>>> How can we make this configurable or moderateable?
>>
>>
>>
>> Trusted providers can simply be a list of providers with an assigned
>> trust level. I would say that the domain of an OpenID can be assigned
>> default policies. E.g. *.myopenid.com - editor, *.aol.com - reader.
>> Managing by domain could also solve the problem of creating a user
>> inside Yanel, because the profile info is on the provider.
>>
>>
>>>
>>>> So now I preinsert openid-yanel users into some groups, e.g. I put
>>>> http---evaldas.taroza.myopenid.com into
>>>> ac-identities/groups/editor.xml and then when I log in with my
>>>> http://evaldas.taroza.myopenid.com I get the editor privileges.
>>>> (Note that I the Yanel user id is made out of OpenID by replacing
>>>> special characters, like , * : / & by a dash)
>>>
>>>
>>>
>>>
>>> I guess this would be custom and hence we need to provide a way that
>>> developers/integrators can change this.
>>>
>>
>> Yes, thats more like a workaround for testing, then a normal
>> implementation.
>>
>> Evaldas
>>
>
>
--
Michael Wechner
Wyona - Open Source Content Management - Yanel, Yulup
http://www.wyona.com
michael.wechner at wyona.com, michi at apache.org
+41 44 272 91 61
More information about the Yanel-development
mailing list