[Systers-dev] Project Using Mailman Authentication

Robin Jeffries robin at jeffries.org
Mon Mar 22 21:51:20 PDT 2010


On Mon, Mar 22, 2010 at 2:25 PM, Terri Oda <terri at zone12.com> wrote:

>
>
> Jaideep Khandelwal wrote:
>
>> 1.) Do we need to create a separate OpenID Provider according to systers
>> needs and including a consumer form just to accept only and only those ids
>> which have been created by our Open ID Provider.
>>
>
> I believe requiring people to use our own OpenID provider would negate many
> of the benefits provided by OpenID (to wit: that Systers members could use
> a more popular account of their choice rather than having to remember yet
> another password).
>
> That said, it might be helpful for us to be an OpenID provider as well, in
> case people would prefer to keep their Systers membership separate for some
> reason... I believe this was discussed last year, and I'm sure someone with
> a better memory than I can fill you in on the issues discussed then. :)


The concern raised last year was that we might need to be a provider,
because some of systers' members are very likely not to have accounts with
any of the existing providers (there are definitely some old school folks on
systers) and we wouldn't want to make having a gmail or facebook account
a requirement for being on systers.  However, it would be a very bad idea
for someone to use their systers account as an openid credential for
anything important -- like their mail or their bank account (I don't know of
any banks that use openid, but eventually they will), as we are just a bunch
of volunteers with no one minding the store full time to make sure we aren't
hacked, and ABI (our parent organization) would not want to take
responsibility for someone's identity getting stolen.  So how would we
ensure that people don't treat a systers credential as the ultimate in
secure identity?  (That's as far as we got, to the best of my memory --
raising this issue, but not resolving it.  It would be worth someone
researching who some of the smaller openid providers are, and how they deal
with this, if they don't have a staff to guarantee (well, come close to) the
integrity of the credentials they provide.)

>
>
>> 2.) Two statements for the idea has
>>     * Systers would like to use the mailing list membership info and
>> password to access other resources.
>>     * This project essentially aims at getting Single Sign On to work for
>> the various systers account using their mailman passwords for
>> authentication.
>>
>> What does this 'other resources' and 'various systers account'
>> include
>>
>
> The first one that comes to mind is the systers wiki.  I imagine this is
> also with an eye to future ideas, though, which is why it's nebulous. For
> example, Jen mentioned doing a planet/blog aggregator: if we had a nice
> single signon system, we might be able to let people more easily add
> themselves and update their information.  But right now, that could result
> in requiring yet another login...
>
>  Terri