Valerie Bubb Fenwick wrote:
>> The site is currently running under HTTP, when it is deployed it will be
>> running HTTPS, so eavesdropping on traffic between the browser and the
>> app won't be possible.
>
> Which lends credence to the "have fun but don't use real data" argument of
> the Confirmation Emails details :)

Exactly so - I wanted people to be able to see how it worked without
exposing anything they cared about :-)

>> 2. Sunid confirmation
>>
>> It is necessary to tie Sun employees' OpenSolaris.org accounts to their
>> Sun identity, so we know that they don't have to sign an individual SCA.
>> This isn't implemented yet, but when available it will prompt for a
>> Sun employee number and the corresponding password. If these match, the
>> password will be discarded and the Sun employee ID will be saved
>> read-only in the OpenSolaris.org account.
>
> Do you mean the LDAP password? Where will this verification occur?
> I don't think we should have LDAP passwords outside of SWAN for
> any reason. The sunID confirmation could instead be something that
> is internal that feeds *out* to opensolaris.org (say, once a day)

The LDAP passwords won't be held on OpenSolaris.org at all. The process
is the same one that is currently used when you log in to sun.com with
your Sun username and password. This will *not* require that we keep
copies of the LDAP passwords on opensolaris.org, the only thing that will
be held is the SunID once it is confirmed, and that won't be made public.

--
Alan Burlison
--
_______________________________________________
website-discuss mailing list
