Refactoring the Debtags web interface
Enrico Zini
enrico at enricozini.org
Mon Feb 23 09:54:24 UTC 2009
On Mon, Feb 23, 2009 at 11:00:06AM +1100, Ben Finney wrote:
> > and a whitelist of identity providers that every DD can easily use
> > (like alioth or debian)
>
> What of those that use an OpenID provider not on the whitelist? (I
> imagine some not insignificant number of hackers run their own
> personal OpenID server, so an ever-expanding whitelist seems not to
> address the issue.)
>
> What of non-DDs who do not necessarily have an account on any of those
> services, but are still valid users for authenticating in the Debtags
> system?
Fair enough, any OpenID server will probably do, as long as being
authenticated doesn't automatically authorize any privileges.
If Debian were an OpenID provider, then using the Debian OpenID could
automatically give some authorization, like assuming that one is a DD.
That could have been handy, but indeed not particularly needed.
In fact, since neither Alioth nor Debian currently can act as an OpenID
provider, this looks like the only way to go.
Ciao,
Enrico
--
GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enrico at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/debtags-devel/attachments/20090223/b30868e7/attachment.pgp
More information about the Debtags-devel
mailing list