No, I expect there to still be hybrid (as an admin setting allowing
users a choice), it's just you can't create, for a single new user
account, multiple authentication methods for it; some new users may
choose OpenID and some may choose username/password, but not both.
Glen
On 08/17/2013 10:51 AM, Dave wrote:
+1
I think hybrid is a nice feature, but not required. I'll be happy to have
any form of OpenID working in Roller. If somebody needs hybrid they can do
the work to bring it back.
- Dave
On Fri, Aug 16, 2013 at 4:38 PM, Glen Mazza <[email protected]> wrote:
Team, as mentioned earlier, I plant to start looking at the OpenID in
Roller again. As you may recall, the Roller config file allows new user
accounts with "no" OpenID, "only" OpenID, or "hybrid" -- either OpenID
and/or password. I'd like to change that "and/or" to just an "or": Right
now, for the new user signup screen under hybrid we allow new accounts to
be created with *both* a username/password and an OpenID to access that
account.
What I'm proposing, for any new user account under hybrid, that there be
one and only one authentication mechanism (username/password *or* OpenID
*or* whatever else comes up in the future). It's fully the user's choice
(there will be radio buttons to choose the one desired), but he or she can
only choose one. If someone has a theoretical need for both a
username/password *and* OpenID (I don't see why), that person would create
two accounts instead, and just allow the second account admin rights on the
blogs created by the first account. Such a change would keep Roller in
line with StackOverflow, Yahoo! Groups, and Flickr, that, while providing
an OpenID option, still have just one authentication mechanism per account.
It sounds sweet and helpful to allow multiple ways to log into the same
account, but as you expand the number of authentication options you end up
introducing unnecessary code complexity and potential security holes while
not providing much additional utility to users. WDYT?
Regards,
Glen
