#173: OpenID support

Contents
  1. Motivation
  2. Proposal
  3. Deliverables
  4. Risks
  5. Participants
by Wichert Akkerman last modified Jan 03, 2007 06:33 AM

Add support for the OpenID decentralized identify system to Plone

Proposed by
Wichert Akkerman
Seconded by
Alexander Limi
Proposal type
User interface, Architecture
Assigned to release
Repository branch
plip173-openid
State
completed

Motivation

More and more websites require you to have an account in order to use them. This is true for commercial sites but also for most sites which feature some form of interactivity such as leaving comments on blog posts. Since having to register accounts in dozens of sites and having to login to every one of them is a somewhat mind-numbing experience it would be very practical to use a shared authentication service.

OpenID implements such a service: once you have an account there you only need to sign on once and all OpenID-enabled sites will automatically pick up your identify and be able to use that.

Proposal

  • A set of PAS plugins need to be written which implement the OpenID protocol.
  • a Plone configlet to configure the OpenID connection

In order to comply with the OpenID code bounty a couple of further changes are required:
  • the login pages need to be modified to show an OpenID logo
  • the login pages need to be modified to have a "What is OpenID" explanatory text

Deliverables

The implementation will be done in the form of two packages: a package with the PAS plugins and a package with the Plone integration.

Risks

The OpenID packages introduce extra dependencies: the openid, urljr and yadis packages packages from OpenID are needed as well as elementtree.

Participants

Wichert Akkerman

Alexander Limi

Two things that I don't think were mentioned

Posted by Alexander Limi at Aug 17, 2006 06:42 PM
If I remember this correctly, the plan would be to:

- Ship OpenID support with the Plone core package

- But as an optional install, much like PloneLanguageTool is at the moment - uninstalled by default, but installable via two clicks :)

If this is not the case, please correct me. :)

Do we have to show the "What is OpenID" _all_ the time?

Posted by Joel Burton at Aug 26, 2006 12:50 AM
Or just when the OpenID part is installed/configured?

If it's all optional, that's great.

If we have to show this all time, even when people haven't installed
the optional compontent, then it seems like we're becoming corporate
shills for Verisign for $5k. ;)

Re: Do we have to show the "What is OpenID" _all_ the time?

Posted by Wichert Akkerman at Aug 26, 2006 12:55 AM
My understanding is that we only have to show it when OpenId is enabled. I will verify that with the OpenID folks. I am certainly not in favour of mentioning OpenId if it is not enabled.

My current implementation has a browser view which checks the PAS configuration for enabled username/password and OpenId extraction plugins and modifies the login form based on that.

nice

Posted by Britney Spears at Apr 13, 2007 08:46 AM
Great information! I cannot tell you the hours I spent searching for some ".." somewhere, even in generated code. Nothing...