Authentication integration: Difference between revisions
Older revision: imported>Paulproteus, no edit summary
Newer revision: no edit summary
Line 8: | Line 8: | ||
* Users only have to authenticate once to all (web) services within openhatch.org. |
* Users only have to authenticate once to all (web) services within openhatch.org. |
* Simple implementation. |
|||
* Users can't impersonate other users. |
* Users can't impersonate other users. |
* Even if the forum is compromised, it's not totally trivial for the forum admin to impersonate OpenHatch users to other openhatch.org applications (especially openhatch.org itself). |
|||
* Applications outside openhatch.org should not be able to use this system to gain information about users. (They might be able to use ''other'' mechanisms, but not this one.) |
* Applications outside openhatch.org should not be able to use this system to gain information about users. (They might be able to use ''other'' mechanisms, but not this one.) |
* These applications don't have to be particularly securely maintained. (Specifics...?) |
* These applications don't have to be particularly securely maintained. (Specifics...?) |
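Review bot: the goal added in this hunk, that even a compromised forum makes it "not totally trivial for the forum admin to impersonate OpenHatch users", states a degree of difficulty rather than a property the design can be checked against; rewrite it as: a compromised application must not hold any secret that lets it mint credentials another openhatch.org application accepts (it may verify, or hold only its own key, but it must not be able to issue for others). Stated that way it also resolves the tension with the retained line "These applications don't have to be particularly securely maintained. (Specifics...?)": the specifics are that an application's compromise must be contained to that application, which is exactly what the new goal demands. "Simple implementation." and "Users can't impersonate other users." would likewise benefit from one clause each saying what enforces them (for the second, integrity of the shared credential, so that a user cannot alter the identity it carries).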
Line 14: | Line 16: | ||
m_stone's notes: |
m_stone's notes: |
⚫ | |||
* Maybe use separate HMAC keys for separate "apps"? |
* Maybe use separate HMAC keys for separate "apps"? |
* I'm a bit nervous about having splittable cookies. Maybe add an index cookie? (fun link: [http://wiki.laptop.org/go/Canonical_JSON canonical json]) |
* I'm a bit nervous about having splittable cookies. Maybe add an index cookie? (fun link: [http://wiki.laptop.org/go/Canonical_JSON canonical json]) |
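Review bot: the "splittable cookies" worry in the last line of this hunk should name the failure it guards against: if the authenticator is computed over a plain concatenation of fields, pieces of two valid cookies can be recombined into a third that still verifies, and a single user holding two sessions can do this alone. The canonical JSON link is the right remedy for the serialization side (one structure maps to exactly one byte string, so field order and boundaries are unambiguous), but an "index cookie" only closes the recombination hole if its MAC covers the names and values of every cookie it indexes; otherwise the index and the indexed cookies can be mixed from different sessions just as before. For the "separate HMAC keys for separate apps" line, say which party generates and holds each key: the forum-compromise goal earlier on the page only holds if the forum never receives a key that other applications trust.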
Line 59: | Line 60: | ||
** We can fix this by constraining usernames on the Django side to be case-insensitively unique. |
** We can fix this by constraining usernames on the Django side to be case-insensitively unique. |
*** Right now, Django usernames [http://code.djangoproject.com/ticket/2273 seem to be case sensitive]. |
*** Right now, Django usernames [http://code.djangoproject.com/ticket/2273 seem to be case sensitive]. |
⚫ | |||
** Asheesh says, "Okay, fine. We should revisit this in September, 2011, and probably rotate them. (That's one year from now.)" |
|||
Some usability issues: |
Some usability issues: |
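Review bot: in the added line "We should revisit this in September, 2011, and probably rotate them", "them" has no antecedent visible in this hunk; name what is being rotated, and note that rotation needs a grace period during which credentials issued under the previous key are still verified, or every signed-in user is logged out at the moment of rotation. For the case-insensitivity fix two lines up, constraining new Django usernames to be case-insensitively unique does not resolve accounts that already differ only by case, so the migration has to reconcile those first; the constraint should also name its folding rule, because ASCII lower-casing and Unicode case folding disagree on some letters, and the check on the Django side and on each consuming application must use the same one.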