[Sugar-devel] [sugar] XO identity shared via Browse
sebastian at fuentelibre.org
Wed Dec 3 10:04:29 EST 2008
Tomeu Vizoso wrote:
> Second, we may need to think a bit about how we are going to resource
> this task. Simon is the Browse maintainer and has a good knowledge of
> its internals, though Marco and me have hacked occasionally on it.
> AFAIK, none of us have a good knowledge of security issues and use to
> ask Michael for advice. And the third knowledge area involved is the
> school server, with Martin on the wheel.
It looks like currently different custom solutions are being tried but
nothing has been decided that is a Standard. Once we agree on that,
stakeholders for it perhaps should own it and coordinate on it instead
of each reinventing the wheel (or we making up some "custom" magic
instead of a good standard). I know I'm a stakeholder for this, but
can't lead it, I'd like to help as much as I can.
> So I propose that server and security experts discuss the different
> possibilities first and then ask the sugar people about how best to
> implement the client side of this. Mozilla gives us lots of hooks for
> altering the conversation between the browser and the server, so we
> have a good deal of flexibility there that we can take advantage of.
Yes, one thing though: As Adam correctly pointed out to me, security is
also about Usability. I'm not convinced laptop=user is a good policy and
in our general educational mantra of not dumbing down the real world, my
contention is that ONE user/pass combination is all a kid needs (if we
use OpenID). Small kids are perfectly capable of understanding this
concept (40% of kids in Uy already use GMail, btw that means they
already have one openid - I'm suggesting the school should provide
identity for its students and its teachers and NOT Google).
> So I'm cc'ing to devel at l.o and sugar-devel at s.o where OLPC and other
> Sugar deployers (I'm thinking specially on Brendan and Caroline) can
> discuss the different alternatives.
Please lets not invent some magic voodoo way that only we can use to
auth a laptop. We are solving one little problem by ignoring one much
larger one. There is nothing to gain by saving kids from one password
and forcing them to get new accounts for everything else.
More information about the Sugar-devel