On Wed, 20 Aug 2008, Alan Burlison wrote:

> Valerie Bubb Fenwick wrote:
>
>>> The site is currently running under HTTP, when it is deployed it will be
>>> running HTTPS, so eavesdropping on traffic between the browser and the
>>> app won't be possible.
>>
>> Which lends credence to the "have fun but don't use real data" argument of
>> the Confirmation Emails details :)
>
> Exactly so - I wanted people to be able to see how it worked without exposing
> anything they cared about :-)
>
>>> 2. Sunid confirmation
>>>
>>> It is necessary to tie Sun employees' OpenSolaris.org accounts to their
>>> Sun identity, so we know that they don't have to sign an individual SCA.
>>> This isn't implemented yet, but when available it will prompt for a
>>> Sun employee number and the corresponding password. If these match, the
>>> password will be discarded and the Sun employee ID will be saved
>>> read-only in the OpenSolaris.org account.
>>
>> Do you mean the LDAP password? Where will this verification occur?
>> I don't think we should have LDAP passwords outside of SWAN for
>> any reason. The sunID confirmation could instead be something that
>> is internal that feeds *out* to opensolaris.org (say, once a day)
>
> The LDAP passwords won't be held on OpenSolaris.org at all. The process is
> the same one that is currently used when you log in to sun.com with your Sun
> username and password. This will *not* require that we keep copies of the
> LDAP passwords on opensolaris.org, the only thing that will be held is the
> SunID once it is confirmed, and that won't be made public.

Hi Alan -

But will you be asking folks to put their LDAP password in to start with?
I'm curious as to which password you mean here:

"it will prompt for a Sun employee number and the corresponding password."

Which sounds like opensolaris.org will have the LDAP password, if only
temporarily.

Valerie
--
Valerie Fenwick, http://blogs.sun.com/bubbva
Solaris Security Technologies, Developer, Sun Microsystems, Inc.
17 Network Circle, Menlo Park, CA, 94025.
