Personal tools
You are here: Home Products Plone Roadmap #173: OpenID support
Navigation
Log in


Forgot your password?
New user?
 
Document Actions

#173: OpenID support

Contents
  1. Motivation
  2. Proposal
  3. Deliverables
  4. Risks
  5. Participants
by Wichert Akkerman last modified January 3, 2007 - 06:33
Add support for the OpenID decentralized identify system to Plone
Proposed by
Wichert Akkerman
Seconded by
Alexander Limi
Proposal type
User interface, Architecture
Assigned to release
Repository branch
plip173-openid
State
completed

Motivation

More and more websites require you to have an account in order to use them. This is true for commercial sites but also for most sites which feature some form of interactivity such as leaving comments on blog posts. Since having to register accounts in dozens of sites and having to login to every one of them is a somewhat mind-numbing experience it would be very practical to use a shared authentication service.

OpenID implements such a service: once you have an account there you only need to sign on once and all OpenID-enabled sites will automatically pick up your identify and be able to use that.

Proposal

  • A set of PAS plugins need to be written which implement the OpenID protocol.
  • a Plone configlet to configure the OpenID connection

In order to comply with the OpenID code bounty a couple of further changes are required:
  • the login pages need to be modified to show an OpenID logo
  • the login pages need to be modified to have a "What is OpenID" explanatory text

Deliverables

The implementation will be done in the form of two packages: a package with the PAS plugins and a package with the Plone integration.

Risks

The OpenID packages introduce extra dependencies: the openid, urljr and yadis packages packages from OpenID are needed as well as elementtree.

Participants

Wichert Akkerman

Alexander Limi

Two things that I don't think were mentioned

Posted by Alexander Limi at August 17, 2006 - 18:42
If I remember this correctly, the plan would be to:

- Ship OpenID support with the Plone core package

- But as an optional install, much like PloneLanguageTool is at the moment - uninstalled by default, but installable via two clicks :)

If this is not the case, please correct me. :)

Do we have to show the "What is OpenID" _all_ the time?

Posted by Joel Burton at August 26, 2006 - 00:50
Or just when the OpenID part is installed/configured?

If it's all optional, that's great.

If we have to show this all time, even when people haven't installed
the optional compontent, then it seems like we're becoming corporate
shills for Verisign for $5k. ;)

Re: Do we have to show the "What is OpenID" _all_ the time?

Posted by Wichert Akkerman at August 26, 2006 - 00:55
My understanding is that we only have to show it when OpenId is enabled. I will verify that with the OpenID folks. I am certainly not in favour of mentioning OpenId if it is not enabled.

My current implementation has a browser view which checks the PAS configuration for enabled username/password and OpenId extraction plugins and modifies the login form based on that.

nice

Posted by Britney Spears at April 13, 2007 - 08:46
Great information! I cannot tell you the hours I spent searching for some ".." somewhere, even in generated code. Nothing...

For any issues with the web site functionality, please file a ticket.

Please consult the policy on plone.org content if you want your content published on this site.

Servers and hosting by