FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 05-27-2008, 03:18 AM
"Jeffrey Ollie"
 
Default OpenID and CLA

2008/5/26 Karsten 'quaid' Wade <kwade@redhat.com>:
>
> If we want to move our OpenID acceptance outside of Fedora's OpenID
> server, we'll have a blocker with the CLA. AIUI, we need someone to
> knowingly accept the CLA and have that tied to a Real Name and email
> address in our database. Right?

You don't have to limit the choices to "only accept Fedora OpenID
identities" or "allow any OpenID identity". It should be possible to
limit out acceptance of OpenID identities to ones that have previously
been associated with a FAS account. So before you could use your
Yahoo or MyOpenID identity to login to the Fedora Wiki you'd have to
log into FAS and register any other identities that you'd like to use.
I don't know enough about the MediaWiki OpenID plugin to know if that
would be easy or hard to do.

Jeff

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-27-2008, 03:36 AM
Ian Weller
 
Default OpenID and CLA

On Mon, 26 May 2008, Jeffrey Ollie wrote:


You don't have to limit the choices to "only accept Fedora OpenID
identities" or "allow any OpenID identity". It should be possible to
limit out acceptance of OpenID identities to ones that have previously
been associated with a FAS account. So before you could use your
Yahoo or MyOpenID identity to login to the Fedora Wiki you'd have to
log into FAS and register any other identities that you'd like to use.
I don't know enough about the MediaWiki OpenID plugin to know if that
would be easy or hard to do.


You can only allow or deny certain OpenID servers, as far as I can tell.
-- ian

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-27-2008, 03:04 PM
"John (J5) Palmieri"
 
Default OpenID and CLA

On Mon, 2008-05-26 at 20:11 -0500, Mike McGrath wrote:
> On Mon, 26 May 2008, Karsten 'quaid' Wade wrote:
>
> > Just doing some thinking ...
> >
> > If we want to move our OpenID acceptance outside of Fedora's OpenID
> > server, we'll have a blocker with the CLA. AIUI, we need someone to
> > knowingly accept the CLA and have that tied to a Real Name and email
> > address in our database. Right?
> >
>
> Correct.
>
> > However, OpenID could be a good way to get permissions to Talk: pages.
> > That is a great way to get feedback from drive-bys, the kind of people
> > who might take advantage of an OpenID to make a minor change on a
> > page.
> >
>
> <nod> I looked briefly into this but haven't totally come to a solution
> yet.
>
> > Content in Talk: could be treated procedurally as we do bug reports.
> > Maybe we can have a WikiLicense type of thing (FedoraProject:Copyrights
> > link enough?) for that? Either way, Talk: could be a discussion area,
> > cf. mailing lists and bugzilla, that may produce content. If someone
> > gives specific wording and we want to use it, and now or later modify
> > it, redistribute it, etc., it needs to be under the CLA and site
> > license. This is comparable to receiving a patch via bugzilla where the
> > contributor should include licensing text.
> >
>
> Yeah, this is both a question for legal and a question to see what is
> technically feasible. OpenID is great, but once again the CLA continues
> to be the biggest blocker to growing our contributor base.
>
> -Mike


It is my understanding that OpenID isn't about giving people unfettered
access. It is about not having to type your information and remember
passwords for 100 different sites. The idea behind federation is you
can allow access from certain OpenID domains to specific resources (FAS
still decides what gets served up) and you can also federate a Fedora
user account with an OpenID account. For more sensitive operations you
can still require the user type in their Fedora password or have a
certificate. http://www.gnucitizen.org/blog/openid-a-security-story/
lists some OpenID concerns (a lot of which we prevent by using https).

This issue is more than just an OpenID issue. In fact you can take
OpenID out of the equation to ask, how do we allow people to join when
the CLA is our biggest blocker. I think the correct answer here is the
one being looked at which is to allow things like posting comments, bugs
and setting up a user presence within Fedora should all be allowed
without the CLA (bugs are already allowed this way). For all other
things, as people want to do more the CLA is then presented as the next
step. Putting OpenID back into the equation doesn't really change much
other than a discussion on what level do we just accept OpenID and on
what level do we make them federate with a Fedora account.

Concentrating on the CLA bottleneck would make everything else possible.
We have concluded that it is a necessity but I hope that doesn't mean we
don't have any wiggle room.

--
John (J5) Palmieri <johnp@redhat.com>

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 12:15 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org