THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Status | Proposal under development |
Special Note | Google Summer of Code 2008 project |
Target Release | 4.1 |
Original Authors | Tatyana Tokareva, Dave Johnson |
Abstract
This project aims to add OpenID support to Roller both for user accounts and for those leaving blog comments. Make it so that new and existing users can choose to tie their user account to an OpenID identity and use that for all subsequent logins. And, make it so that bloggers can require that folks login via OpenID before leaving a comment. These features could be implemented by modifying Roller's existing Spring Acegi configuration and/or by documenting how to use a Container Manager Authentication (CMA) configuration, e.g. OpenSSO paired with a Servlet Container.
It's quite evident that the number of online user accounts increases rapidly. It's almost impossible to remember logins and passwords on each website, and that's why systems that use authentication servers have valuable priority. As far as the Roller blog server is an application which provides access to different blog sites, and all of them require authorization, it can be very useful to reduce the amount of logins at different services to minimum. It can be done by implementing the OpenID identification to the server.
Benefits for the community
The main aim of the project is to increase the efficiency of the authentication and authorization processes at the Roller blog server by managing logon to several services and users' identity in one place via an authentication server with OpenID technology. Using this technology, we'll achieve cross-application and cross-domain single sign-on (SSO). As a result, the users will be more satisfied as they won't have to remember logins and passwords from every website, and just use single OpenID identifier. And the number of people using Roller blog will increase.
With the fulfillment of the objectives previously exposed, the community will see beneficiary in the following aspects:
...
OpenID is a technology that allows users to use one username/password pair to login to large number of web sites, but to never have to reveal their password to any of those sites.
Requirements
- Allow new users to register and login via OpenID
- Allow existing users to login via OpenID
...
- Allow site operators to choose one of three modes of operation:
- Disabled: no OpenID support and no evidence of OpenID in the Roller web UI
- Hybrid: allow users to login via either username/password or OpenID identifier
- Only: require users to login only via OpenID identifier
...
Issues
Should the user have a choice of which opened_url to use during authentication?
If the user can have multiple opened_urls, there should be some additional functionality on the page where the user can edit its profile details - add or remove certain opened_url from the list - and adjusted database structure should be implemented.
...