Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= <mgorny-aBrp7R+bbdUdnm+yROfE0A <at> public.gmane.org>
Subject: identity.g.o OpenID provider -- final report
Newsgroups: gmane.linux.gentoo.summer-of-code
Date: Saturday 28th September 2013 07:58:19 UTC (over 4 years ago)
Hello, all.

Short summary: I'm working on creating an OpenID provider service using
Gentoo LDAP. It will provide a common login service for Gentoo
developers to Gentoo sites and other OpenID-aware sites (e.g. bug
trackers, blogs).

Source code: https://github.com/gentoo/identity.gentoo.org


Final report
============

Status: finished

Short outline of features on my side:

- basic OpenID 2.0 w/ authentication, SReg/AX user information exchange,

- authentication possible via password, SSL certificate or SSH key,

- two-phase authentication using TOTP tokens (compatible with Google
  Authenticator),

- django-ldapdb based ORM to LDAP, with user password authentication.

The project has resulted in a few patches to other projects as well.
They were all merged except for some of the patches for django-ldapdb
which are still pending.


Plans for the future
====================

The application needs some more work, tests and audits before it could
be deployed. Afterwards, we should be able to deploy it with access
limited to Gentoo developers.

After upgrading our other services to support OpenID login, we can add
a custom OpenID extension to pass Gentoo-specific information over
OpenID (like whether the person is a developer).

-- 
Best regards,
Michał Górny
 
CD: 3ms