[Systers-dev] Considering LDAP and OpenID
Sarah Mei
sarahmei at gmail.com
Thu May 28 13:04:01 PDT 2009
Hi Malveeka, I'm excited you're going to be working on this. Let me
know if there is a concrete way I can help.
On Thu, May 28, 2009 at 12:07 PM, Malveeka Tewari <malveeka at gmail.com> wrote:
> From what I gather from the discussion, the issue with using mailman
> passwords is that they are not very well protected.
> But if we can fix these issues with mailman for our implementation, openID
> seems to be a good idea to work on.
That was my takeaway as well.
> I think we can start implementing an openID
> provider module for the mailman first, test the effectiveness of single sign
> on and then once the wiki is up and working we can consider whether or not
> we want to make the Systers wiki the openID provider.
I think so. One issue you might run into with mailman's data - people
generally have a password for each list they subscribe to, so there
will probably be duplicate email addresses with different passwords
for people who are on multiple lists. You may need to do some creative
SQL on the data you pull out to figure out how to consolidate into one
sign-on.
> I might be a bit biased here but using openID should not be very difficult
> for Systers users to adapt to. It is a new idea, agreed, but using openID
> would mean they would not need to remember separate usernames and passwords
> for each of their Systers wiki or other systers affiliated accounts.
I see one issue here that is more policy than technical: do you want
to keep Systers' current mailman passwords, just store them encrypted?
Or assign everyone a new, one-time password as part of the switchover?
The latter gives us better security, since the mailman passwords have
been in the monthly emails. But it's not a great user experience.
Sarah
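
The consolidation step described in the message above, as an added example that is not part of the original email: it assumes the per-list subscriber data has been exported into a hypothetical `list_member` table (`list_name`, `email`, `password`) and runs on constructed sample rows. Addresses are grouped case-insensitively, and the report flags which accounts have one consistent password and which have conflicting ones, without ever printing a password.

```python
import sqlite3

# Constructed sample rows: (list name, subscriber address, per-list password).
# The table and column names are assumptions, not Mailman's own storage format.
SAMPLE_ROWS = [
    ("systers", "ana@example.org", "tulip42"),
    ("systers-dev", "Ana@Example.org", "tulip42"),  # same person, same password
    ("systers", "bea@example.org", "maple7"),
    ("systers-dev", "bea@example.org", "orchid9"),  # same person, different password
    ("systers-dev", "cy@example.org", "fern11"),    # subscribed to one list only
]

# One row per person: how many lists they are on, how many distinct
# passwords they hold, and what the migration should do with them.
CONSOLIDATE_SQL = """
SELECT lower(email)             AS account,
       count(*)                 AS subscriptions,
       count(DISTINCT password) AS distinct_passwords,
       CASE WHEN count(DISTINCT password) = 1
            THEN 'carry_over' ELSE 'needs_reset' END AS action
FROM list_member
GROUP BY lower(email)
ORDER BY account
"""


def consolidate(rows):
    """Return (account, subscriptions, distinct_passwords, action) per address."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute(
            "CREATE TABLE list_member (list_name TEXT, email TEXT, password TEXT)"
        )
        db.executemany("INSERT INTO list_member VALUES (?, ?, ?)", rows)
        return db.execute(CONSOLIDATE_SQL).fetchall()
    finally:
        db.close()


if __name__ == "__main__":
    for account, subs, distinct, action in consolidate(SAMPLE_ROWS):
        print(f"{account:20} lists={subs} passwords={distinct} -> {action}")
```

If the switchover assigns everyone a new one-time password instead, the `action` column is moot and only the grouping by address is needed.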