>> The problem I have with this (and also partially with python-openid) is >> that I don't know how to integrate it with the existing application. How >> is the module supposed to know what PyPI accounts are, and how they >> relate to existing IDs, and what postgres database and table this >> information is to be stored in? > > Since OpenID is an authentication solution, you should probably just accept > the claimed identity as the username.
It can't work that way, and shouldn't. First, OpenID defines the Simple Registration extensions (SREG) to explicitly cover a nickname, and also provide an email address. Whether or not I trust these data - at a minimum, I should use them - that's what OpenID users expect to happen. I see that mod_auth_openid has some support for AX (a similar protocol) since 0.3, and that may also support SREG, but again, I'm unsure how to use it. In addition, existing users will expect to be able to use OpenID, and will expect to be able to map OpenIDs to existing accounts. > In fact, mod_auth_openid provides this as the REMOTE_USER CGI > environment variable. That can work for logins, but not for registrations. Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
