Hello world, take a look at http://iwantmyopenid.org/. "Soon we will be granting $5,000 USD directly to ten open-source projects that successfully implement OpenID." I talked to Scott Kveten (CEO of Janrain) and Corey Shields (OSL) and they would be willing to wire the $5,000 USD directly to OSL so they can buy us an additional machine, something which we might need in the near future. I think this makes for a good opportunity to implement OpenID into Drupal core, and to get rid of our own distributed authentication framework. We talked about this earlier, and I believe there was a consensus about the fact we should adopt a standard. I believe that OpenID is they way to go so even without a bounty it would be of "strategic importance". Thoughts? -- Dries Buytaert :: http://www.buytaert.net/
On Mon, Jul 31, 2006 at 08:23:06AM +0200, Dries Buytaert wrote:
I think this makes for a good opportunity to implement OpenID into Drupal core, and to get rid of our own distributed authentication framework. We talked about this earlier, and I believe there was a consensus about the fact we should adopt a standard.
I believe that OpenID is they way to go so even without a bounty it would be of "strategic importance".
Absolutely. FWIW, my site (http://www.pebble.org.uk/) is already using the drupal openid module, showing that this should be quite an easy $5K for someone :) ~Ainsley
Well -- that's OpenID *client* support. OpenID server support is a different beast. It would be a pretty cool strategic advantage for blogging. A number of sites (including the ubiquitous LiveJournal) allow the use of OpenID for commenting. --Jeff -----Original Message----- From: Ainsley Pereira [mailto:drupaldev@pebble.org.uk] Sent: Monday, July 31, 2006 1:30 AM To: development@drupal.org Subject: Re: [development] OpenID On Mon, Jul 31, 2006 at 08:23:06AM +0200, Dries Buytaert wrote:
I think this makes for a good opportunity to implement OpenID into Drupal core, and to get rid of our own distributed authentication framework. We talked about this earlier, and I believe there was a consensus about the fact we should adopt a standard.
I believe that OpenID is they way to go so even without a bounty it would be of "strategic importance".
Absolutely. FWIW, my site (http://www.pebble.org.uk/) is already using the drupal openid module, showing that this should be quite an easy $5K for someone :) ~Ainsley
Hello, We just launched an open source project (http://openacademic.org) centered around the use of Drupal, Moodle, Elgg, and Mediawiki in education -- we are using OpenID for SSO, with Drupal as an OpenID client -- we will be working with the existing Drupal OpenID module to make some upgrades/improvements -- we'd love to work with folks to get this done. And hey, if we can get 5000 for Drupal in the process, so much the better :) -- From reading the bounty page (http://iwantmyopenid.org/bounty), I see this: "Implement OpenID 2.0 support as a Relying Party (RP) or Identity Provider (IdP)" -- I'm assuming that for the bounty they want the app to work both as an OpenID client and server, but this seems to imply that just one would do it. Do they mean *and* instead of *or* ? Anyways -- we will be moving ahead with this development, and would welcome any folks who want to help. Cheers, Bill Dries Buytaert wrote:
Hello world,
take a look at http://iwantmyopenid.org/.
"Soon we will be granting $5,000 USD directly to ten open-source projects that successfully implement OpenID."
I talked to Scott Kveten (CEO of Janrain) and Corey Shields (OSL) and they would be willing to wire the $5,000 USD directly to OSL so they can buy us an additional machine, something which we might need in the near future.
I think this makes for a good opportunity to implement OpenID into Drupal core, and to get rid of our own distributed authentication framework. We talked about this earlier, and I believe there was a consensus about the fact we should adopt a standard.
I believe that OpenID is they way to go so even without a bounty it would be of "strategic importance".
Thoughts?
-- Dries Buytaert :: http://www.buytaert.net/
From reading the bounty page (http://iwantmyopenid.org/bounty), I see this: "Implement OpenID 2.0 support as a Relying Party (RP) or Identity Provider (IdP)" -- I'm assuming that for the bounty they want the app to work both as an OpenID client and server, but this seems to imply that just one would do it. Do they mean *and* instead of *or* ?
I was wondering about that too ... I think though that this has to be AND for consideration into core Drupal. We have always shipped with an authentication server and an auth client. I don't see us switching to a new system without both components in place. I'm subscribed to the DA group on the groups site. Thats a good place for detailed discussions on this: http://groups.drupal.org/distributed-authentication I'd love to see this happen for Drupal. I will help.
On 31 Jul 2006, at 15:19, Bill Fitzgerald wrote:
Hello,
We just launched an open source project (http://openacademic.org) centered around the use of Drupal, Moodle, Elgg, and Mediawiki in education -- we are using OpenID for SSO, with Drupal as an OpenID client -- we will be working with the existing Drupal OpenID module to make some upgrades/improvements -- we'd love to work with folks to get this done.
For kicks (because I'm interested in the technology and because Scott Kveton is a great guy), I reviewed the existing OpenID module (written by a Janrain employee). Frankly, the module needs to be rewritten from scratch in the Drupal Way. I'd advise against using it as is, or building on top of it without refactoring the module first. For us to receive the bounty, the module needs to go into Drupal core, in which case we want to write an extremely lightweight module of, say, 500 lines of code that acts as a replacement for the drupal.module. This means we have to remove the 90% of the existing OpenID (eg. their PEAR mappings, their libraries and various other glue), modify it to use our own database abstraction layer, etc. (The current OpenID module is about as big as Drupal core.) -- Dries Buytaert :: http://www.buytaert.net/
On 31-Jul-06, at 7:07 AM, Dries Buytaert wrote:
On 31 Jul 2006, at 15:19, Bill Fitzgerald wrote:
We just launched an open source project (http://openacademic.org) centered around the use of Drupal, Moodle, Elgg, and Mediawiki in education -- we are using OpenID for SSO, with Drupal as an OpenID client -- we will be working with the existing Drupal OpenID module to make some upgrades/improvements -- we'd love to work with folks to get this done.
For kicks (because I'm interested in the technology and because Scott Kveton is a great guy), I reviewed the existing OpenID module (written by a Janrain employee). Frankly, the module needs to be rewritten from scratch in the Drupal Way. I'd advise against using it as is, or building on top of it without refactoring the module first.
For us to receive the bounty, the module needs to go into Drupal core, in which case we want to write an extremely lightweight module of, say, 500 lines of code that acts as a replacement for the drupal.module. This means we have to remove the 90% of the existing OpenID (eg. their PEAR mappings, their libraries and various other glue), modify it to use our own database abstraction layer, etc. (The current OpenID module is about as big as Drupal core.)
I had brought this up quite some time ago -- I believe we should ship with a standards-based distributed auth in core that is secure by default. My suggestion was in fact to use OpenID as the basis, since it is very simple. James has done lots of work on dist auth, we would put some time into this as well -- we want to make sure other ID systems (e.g. SXIP) work together as well. The SXIP homesite module (Rowan Kerr) might have some helpful code in making the server component, or at least look at the architecture. There is currently some PHP based server code floating around in a couple of different places, but it definitely needs updating. See: * http://www.openidenabled.com/openid/libraries/php * http://videntity.org/openid/ All those interested, lets move to http://groups.drupal.org/ distributed-authentication and assign tasks, etc. -- Boris Mann Vancouver 778-896-2747 San Francisco 415-367-3595 SKYPE borismann http://www.bryght.com
On 31-Jul-06, at 2:46 PM, Boris Mann wrote:
James has done lots of work on dist auth, we would put some time into this as well -- we want to make sure other ID systems (e.g. SXIP) work together as well. The SXIP homesite module (Rowan Kerr) might have some helpful code in making the server component, or at least look at the architecture
Yeah, count me in. -- James Walker :: http://walkah.net/ :: xmpp:walkah@walkah.net
On the meta level, I talked with some JanRain folks at OSCON last week. They seemed pretty sincere in their desire to get OpenID out there and accepted. In other words, I think they will pay the bounty if you do the work. -Mark On 7/31/06, James Walker <walkah@walkah.net> wrote:
On 31-Jul-06, at 2:46 PM, Boris Mann wrote:
James has done lots of work on dist auth, we would put some time into this as well -- we want to make sure other ID systems (e.g. SXIP) work together as well. The SXIP homesite module (Rowan Kerr) might have some helpful code in making the server component, or at least look at the architecture
Yeah, count me in.
-- James Walker :: http://walkah.net/ :: xmpp:walkah@walkah.net
(conversation fork) While we're talking about authentication systems, I thought it would be relevant to mention "Cosign" ( http://weblogin.org ): "An open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. Cosign is part of the National Science Foundation Middleware Initiative (NMI)" This is a single-point auth system, in contrast to OpenID, which does the opposite. However, this is extremely useful in institutions (universities, companies, etc) where there is a universal login system already in place. (All of UofM's ITservices use this) I haven't seen any Drupal client implementations that implement this; does anyone know of one? -Arnab (note: i am not related to the cosign project in any way) On 7/31/06, Dries Buytaert <dries.buytaert@gmail.com> wrote:
Hello world,
take a look at http://iwantmyopenid.org/.
"Soon we will be granting $5,000 USD directly to ten open-source projects that successfully implement OpenID."
I talked to Scott Kveten (CEO of Janrain) and Corey Shields (OSL) and they would be willing to wire the $5,000 USD directly to OSL so they can buy us an additional machine, something which we might need in the near future.
I think this makes for a good opportunity to implement OpenID into Drupal core, and to get rid of our own distributed authentication framework. We talked about this earlier, and I believe there was a consensus about the fact we should adopt a standard.
I believe that OpenID is they way to go so even without a bounty it would be of "strategic importance".
Thoughts?
-- Dries Buytaert :: http://www.buytaert.net/
On 7/31/06, Arnab Nandi <arnab@arnab.org> wrote:
(conversation fork)
While we're talking about authentication systems, I thought it would be relevant to mention "Cosign" ( http://weblogin.org ):
"An open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. Cosign is part of the National Science Foundation Middleware Initiative (NMI)"
This is a single-point auth system, in contrast to OpenID, which does the opposite. However, this is extremely useful in institutions (universities, companies, etc) where there is a universal login system already in place. (All of UofM's ITservices use this)
I haven't seen any Drupal client implementations that implement this; does anyone know of one?
-Arnab (note: i am not related to the cosign project in any way)
We're using JVD's pubcookie module at PSU to tie in with SSO. Pubcookie is a product of UW, similar I think to Cosign . Another option is to skip the middleman and go directly to LDAP (well supported). Note: the author does not particularly like the mess of C-code and compiled templates that make up the pubcookie system. Actually Arnab, OpenID might be a very good option in an environment where identity is managed centrally. Central IT manages the directory of identity URLs as a trusted service, and each identity URL points to the OpenID authentication server. Advantages over the various niche SSO packages: ++ Not Icky + Allows org members to use their institutional identity to sign into OpenID consumer sites throughout the web (the marketing dept likes this) Meanwhile, I'm stuck with pubcookie for now... Eric Drechsel
participants (10)
-
Ainsley Pereira -
Arnab Nandi -
Bill Fitzgerald -
Boris Mann -
Dries Buytaert -
Eric Drechsel -
James Walker -
Jeff Eaton -
Mark Fredrickson -
Moshe Weitzman