On Tue, Dec 2, 2008 at 8:56 PM, Greg Smith <[EMAIL PROTECTED]> wrote: > Hi Tomeu and Browse engineers,
Hi Greg, first of all, I would like to note that we are trying to close the [EMAIL PROTECTED] mailing list and move the olpc-specific traffic to [EMAIL PROTECTED] and the rest to [EMAIL PROTECTED] Please help us with this! Second, we may need to think a bit about how we are going to resource this task. Simon is the Browse maintainer and has a good knowledge of its internals, though Marco and me have hacked occasionally on it. AFAIK, none of us have a good knowledge of security issues and use to ask Michael for advice. And the third knowledge area involved is the school server, with Martin on the wheel. So I propose that server and security experts discuss the different possibilities first and then ask the sugar people about how best to implement the client side of this. Mozilla gives us lots of hooks for altering the conversation between the browser and the server, so we have a good deal of flexibility there that we can take advantage of. So I'm cc'ing to [EMAIL PROTECTED] and [EMAIL PROTECTED] where OLPC and other Sugar deployers (I'm thinking specially on Brendan and Caroline) can discuss the different alternatives. Regards, Tomeu > Talking with Martin L recently he mentioned that you have some ideas on > how the XO can communicate its identity (e.g. serial # and maybe user > name) with a web server. We're mostly thinking of the school server as > the server side but a more generic solution may be acceptable. > > The main idea is to eliminate the need for students to ever type in a > user name and password. e.g. they should be able to just hit the Backup > and Restore URL and see their files without having to login or find > their serial number in a list. > > That's one example. I would also like any Web server to be able to > extract the XO identity and use it in CGI (e.g. PHP) for processing. > > It should also be encrypted so that the XO cannot be spoofed. e.g. only > the XO which backed up and can see or restore its own files (possibly > with an admin override). > > I put a stub of a requirement for it on our roadmap here: > http://wiki.laptop.org/go/Feature_roadmap#Single_Sign_on_from_Browse > > Do you have any ideas or designs for how we can achieve that? > > Comments and questions welcome. > > Thanks, > > Greg S > > _______________________________________________ > Sugar mailing list > [EMAIL PROTECTED] > http://lists.laptop.org/listinfo/sugar > _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
