On 2 Jun 2009, at 22:29, Arthus Erea wrote:

Ideally, once logged into hp.o, you won't have to log in anywhere else within Habari. You also shouldn't have to type your OpenID login.

I think this could be accomplished by setting a site-wide cookie with your OpenID url/username, which the various systems could then auth against.

I think that's the point of OpenID: you just store the OpenID URL in a cookie, as I understand it, and then every time you need to auth, the app requests auth from the OpenID server. If the server hasn't timed out your session, then it just sends you back to the app - you're transparently logged in. If a timeout has occurred then the user enters their password and is sent back to the app.

From the user's perspective, they'd have to (sometimes) log in, no matter where they were, but once they were logged in then they could go anywhere within the Habari ecosystem without having to log in again.

I do think all contributors should have a "hub" profile, since that will include Habari-specific information. Maybe we could set it up so the hub is both an OpenID client & server. If you have an external OpenID, authentication would be delegated to it. Profile information would be pulled in, then fed out to the various apps.

So, everyone would have a hp.o profile, with the option of delegating. Does that sound like it would work?


That sounds exactly like my mental model of how OpenID works.

A neat thing I like about it for end-users is they can have their authoritative URL (mine is http://caius.name/) but then delegate that URL to an OpenID provider (mine's pointing to http://myopenid.com), but because the end-user controls their auth URL, they can delegate to a new provider, so I could switch to using Habari's oid server by changing one line in my index.html on http://caius.name/.

C
---
Caius Durling
[email protected]
+44 (0) 7960 268 100
http://caius.name/
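
The delegation described in the message above, as an added example that is not part of the original e-mail or of Habari's code: a relying party reads the OpenID `<link>` elements from the `<head>` of the user's own URL, so editing that page changes the provider while the claimed identity stays the same. The `rel` names are those of OpenID 1.1 and 2.0 HTML discovery; `resolve`, `LinkCollector` and every URL in the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# (provider rel, delegate rel) pairs from OpenID 2.0 and 1.1 HTML discovery.
REL_PAIRS = (("openid2.provider", "openid2.local_id"),
             ("openid.server", "openid.delegate"))
KNOWN = {rel for pair in REL_PAIRS for rel in pair}

class LinkCollector(HTMLParser):
    """Collect OpenID <link> hrefs, honouring only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False          # <head> may be closed implicitly
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in KNOWN and a.get("href"):
                    self.found.setdefault(rel, a["href"])  # first one wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def resolve(claimed_id, html):
    """Return what a relying party derives from the page at claimed_id."""
    collector = LinkCollector()
    collector.feed(html)
    for provider_rel, delegate_rel in REL_PAIRS:
        if provider_rel in collector.found:
            return {"claimed_id": claimed_id,
                    "provider": collector.found[provider_rel],
                    "local_id": collector.found.get(delegate_rel, claimed_id)}
    return None  # no provider advertised in <head>

# Constructed sample pages: the same index.html before and after the owner
# edits the delegation lines. All URLs are placeholders.
CLAIMED = "http://user.example/"
PAGE_A = """<html><head><title>me</title>
<link rel="openid.server" href="https://provider-a.example/server">
<link rel="openid.delegate" href="https://user.provider-a.example/">
</head><body>hi</body></html>"""
PAGE_B = PAGE_A.replace("provider-a", "provider-b")
# A link placed in the body (e.g. inside user-supplied content) is ignored.
PAGE_BODY_ONLY = """<html><head></head><body>
<link rel="openid.server" href="https://rogue.example/server"></body></html>"""
```

Because the provider is taken from whatever the claimed URL serves, write access to that page is equivalent to control of the identity, which is why the parser accepts links only from `<head>`.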
