On Thu, Jun 21, 2012 at 10:13:38AM +0100, Michael Meeks wrote:
> On Wed, 2012-06-20 at 22:46 +0200, Bjoern Michaelsen wrote:

>> we vaguely considered running a TDF OpenID provider in the distant future,
>> but so shied away from that for the nontrivial cost (security is hard to
>> get right)

> I imagine if Lionel wanted to re-open that decision, and has
> done the work anyway to get an openID server setup,

In short: I've done the work for a small-scale OpenID server (from one user to a few users, each user being configured manually in a text file). The implementations I've looked at would most probably not be adequate for a bigger setup like TDF.

Security being one of my core interests, if there would be interest in a TDF OpenID provider, I could be interested in participating in its setup, but we'd probably select a more "large scale" implementation than the ones I now have experience with.

In particular, local-openid is intrinsically single-user; but one can run multiple copies of it :) (that is partially a joke; running it on a machine that anybody else than you has a shell account on has security implications I'd need to think about how to resolve). Part of its appeal is that it is not run "system-wide", but that the user that wants to authenticate runs it hirself from a shell account.

The other implementation I've set up is SimpleID; that's the one where each user is configured manually in a text file, but we can delegate that to the user hirself through symlinks. Security-wise, the password is stored as an *unsalted* hash, but that would be easy enough to change should we want to.

--
Lionel
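Added example (not part of the original message, and not SimpleID's code): what the unsalted-hash remark means for per-user text files, next to a salted, slow alternative. The record format, the choice of SHA-256 and PBKDF2, the iteration count, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor, tune for your hardware

def unsalted_hash(password):
    # Weak scheme: the digest depends only on the password.
    # SHA-256 is an assumption; the message does not name the hash.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    # Hardened scheme: random per-user salt plus a deliberately slow KDF.
    salt = secrets.token_bytes(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2-sha256${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())

def verify(password, record):
    # Parse the hypothetical record format; malformed input never verifies.
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def shared_hash_groups(store):
    # Audit helper: groups of users whose stored values are identical,
    # which with unsalted hashes reveals who shares a password.
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(u) for u in groups.values() if len(u) > 1)

# Constructed sample accounts (not real data).
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    weak = {u: unsalted_hash(p) for u, p in SAMPLE.items()}
    strong = {u: salted_hash(p) for u, p in SAMPLE.items()}
    print("unsalted, shared hashes:", shared_hash_groups(weak))
    print("salted, shared hashes:  ", shared_hash_groups(strong))
```

With unsalted hashes, anyone who can read the files sees that alice and bob share a password and can test one guess against every account at once; per-user salts remove both properties.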