www-infrastructure-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: Centralised authentication/authorisation
Date Thu, 27 Nov 2008 10:49:42 GMT
Tony Stevenson wrote:

> Agreed, this is something I was looking at.  I was hoping to find a way
> for non-committers' usernames to have -pub tagged on the end.
> Potentially looking at a sign-up page, that would create accounts in
> LDAP with this tagged on the end.  Maybe even a self service page, that
> used email verification.
> 
> So any accounts that are created by root@ as part of the committer
> process would be manually created, and obviously not have the -pub, thus
> preventing namespace squatting.

There is a big potential problem with this approach - people will not 
get the choice to choose their usernames, and in the process they will 
not remember them.

This will generate a support burden where people will ask "what is my 
username?". If you build them a tool that looks up their username based 
on email address, you've reached the point where you might as well just 
use the email address.

Also keep in mind that identifiers change over time. Today it is a 
username or email address, tomorrow it might be OpenID.

We need to make sure that the LDAP schema has room to grow.

Regards,
Graham
--
