#173: OpenID support
- Contents
- Proposed by
- Wichert Akkerman
- Seconded by
- Alexander Limi
- Proposal type
- User interface, Architecture
- Assigned to release
- Repository branch
- plip173-openid
- State
- completed
Motivation
More and more websites require you to have an account in order to use them. This is true for commercial sites but also for most sites which feature some form of interactivity such as leaving comments on blog posts. Since having to register accounts in dozens of sites and having to login to every one of them is a somewhat mind-numbing experience it would be very practical to use a shared authentication service.
OpenID implements such a service: once you have an account there you only need to sign on once and all OpenID-enabled sites will automatically pick up your identify and be able to use that.
Proposal
- A set of PAS plugins need to be written which implement the OpenID protocol.
- a Plone configlet to configure the OpenID connection
In order to comply with the OpenID code bounty a couple of further changes are required:
- the login pages need to be modified to show an OpenID logo
- the login pages need to be modified to have a "What is OpenID" explanatory text
Deliverables
The implementation will be done in the form of two packages: a package with the PAS plugins and a package with the Plone integration.
Risks
The OpenID packages introduce extra dependencies: the openid, urljr and yadis packages packages from OpenID are needed as well as elementtree.
Participants
Wichert Akkerman
Alexander Limi
Do we have to show the "What is OpenID" _all_ the time?
If it's all optional, that's great.
If we have to show this all time, even when people haven't installed
the optional compontent, then it seems like we're becoming corporate
shills for Verisign for $5k. ;)
Re: Do we have to show the "What is OpenID" _all_ the time?
My current implementation has a browser view which checks the PAS configuration for enabled username/password and OpenId extraction plugins and modifies the login form based on that.
Two things that I don't think were mentioned
- Ship OpenID support with the Plone core package
- But as an optional install, much like PloneLanguageTool is at the moment - uninstalled by default, but installable via two clicks :)
If this is not the case, please correct me. :)