[Sugar-devel] [sugar] XO identity shared via Browse

Martin Langhoff martin.langhoff at gmail.com
Thu Dec 4 13:41:51 EST 2008


On Thu, Dec 4, 2008 at 3:10 PM, Ivan Krstić
<krstic at solarsail.hcs.harvard.edu> wrote:
> Can we please not duke out the issues with OpenID on this particular list?

+1. Two quick notes to Sebastian - Ben's criteria on security and the
internet is surprisingly important as he's one of the key devs behind
the apache https implementation.  And - if you read his posts on his
blog... you'll see that the OpenID guys ended up agreeing, and working
out together that a native browser implementatino is the only safe
path. Those are two tidbits you'll find if you follow that (now old)
conversation.
...
> But
> I've come around since then -- an XS IdP will probably mean people expect to
> be able to use their OpenID from anywhere, including e.g. internet cafe
> machines that are not their XOs, in which case the strong OOB authentication
> to the IdP would be absent, thus we're back down to a password, thus we go
> down the rabbit hole of stupidity that I was trying to avoid in the first
> place.

Well, that scenario I think is alright -- their identity "naturalyl"
with them if they have their XO, but without it... well, it's not.
Still, it would only be with them at an internet cafe with their XO if
their IDP is internet-visible and authenticates them over the Internet
connection. In other words: not by default on any XS build, possibly
never ;-)

(hopefully something that is opt-in for the local team once the bits
are in place...)

> For those just tuning
> in, the whole story of Jabber on the XO has basically been colorfully
> fucked, as has that of the entire collaboration stack. I suggest further
> proposals of actually using Jabber for anything wait until the basic XO
> implementation gets to the point where IRC was 20 years ago -- namely,
> working.

Well put.

There's another (offtopic) bit of news on that saga: it turns out that
a part of the problem (on the XS side at least) has been because
little time has been spent understanding ejabberd. Now, ejabberd has
gotten significantly better lately at things that we care about, but
with a bit of doco-reading-fu ejabberd is turning out to be a very
reliable workhorse.

Just got to know how to talk to it :-)




m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Sugar-devel mailing list