On 5/15/13, Joe Dreimann <[email protected]> wrote: > On 15 May 2013, at 11:24, Ryan Ollos <[email protected]> wrote: >> On Tue, May 14, 2013 at 6:10 AM, Chris Gamache <[email protected]> >> wrote: >> [...] >> >> The AuthOpenIdPlugin might be worth looking at as an example, >> https://github.com/dairiki/authopenid-plugin > > Would it make sense to also deploy that plugin for our > http://issues.apache.org/bloodhound issue tracker? >
FWIW , I've always been advocating for using something like this Notice that there are at least two OpenId plugins out there , so we'd have to choose the one most suitable to this particular purpose ... and check whether it behaves as expected if account manager plugin will be available too . > That may make it easier for users to raise bugs and get involved without > Yet-Another-Registration™ > + > I have little experience with deploying Open ID, but I believe we can still > discover email addresses (for notifications) with the users permission in > many cases. > Yes , as long as the profile created by user with the OpenId provider contains such information (e-mail , name , ...) and user instructs OpenId provider (via web form) to authorize target site and share such data with i.a.o in this case . AFAICR , there's an option in the plugin to not accept initial logins (i.e. sign up) if OpenId user profile does not contain e-mail address . > Just trying to lower the barrier to entry :) ;) I just do not know whether OpenId fits well into ASF policies . -- Regards, Olemis.
