[Sugar-devel] Single sign-on for Sugar Labs resources

[Aleksey Lim]

Hi all!

This case was already popped up from community point of view by
Pablo Flores in "Tools for the community" threads. So, this is a try
from Infrastructure Team side.

This is about Single sing-on feature for all Sugar Labs resources,
such as:

* http://wiki.sugarlabs.org
* http://git.sugarlabs.org
* http://bugs.sugarlabs.org
* http://activities.sugarlabs.org
* http://translate.sugarlabs.org
* https://packages.sugarlabs.org
* http://patchwork.sugarlabs.org

Basing on Infrastructure Team discussion in systems@ mailing list (it is
open, but for some time in the past it was used for discussing secure things
like passwords and its history is not public), there is a wiki page

    http://wiki.sugarlabs.org/go/Infrastructure_Team/Central_Login

and a motion:

* Centralized database of all users;
* Support Single sign-on on as many as possible Sugar Labs sites;
* Having users friendly (not only for geeks) Account management
  application;
* Use OpenID, if particular site support it, as a spare authentication
  method (but OpenID does not conform to Single sign-on);
* Push this new infra to production usage;
* Look for more authentication methods, like certificate based one from
  Sugar Shell, that might be useful in addition to the existing system.

This is an invitation to broad discussion and pointing out possible
down sides of this decision (in addition to [1]).

This is also a call for doers to implement [2], we need it in any case.
Or, pointing to the existing implementation that might be reused.

[1] http://wiki.sugarlabs.org/go/Infrastructure_Team/Central_Login#Costs_.26_Risks
[2] http://wiki.sugarlabs.org/go/Infrastructure_Team/Central_Login#Account_management_application

-- 
Aleksey