RFC: Detaching user name from email, LDAP and Single-Signon
Gervase Markham
gerv at mozilla.org
Fri Apr 9 09:01:51 UTC 2004
Joel Peshkin wrote:
> 1) Add a field to profiles containing a (varchar(128)) identifier. This
> field should be added to the profile before any of the authentication
> systems start to use it.
So this field would be accessed by Auth modules and used as a correlator
to relate Bugzilla accounts to accounts in Something Else? And it would
be opaque to the rest of Bugzilla?
Is 128 enough?
> 3) Single Signon
> Most single signon systems have a way to pass variables to a CGI
> containing the equivalent of fields from LDAP. The single signon module
> would accept the variables from the webserver and handle them in a
> similar manner to LDAP, using a durable identifier to locate the profile
> and auto-updating the email address and realname if it detects a change.
We may want to provide convenience functions for Auth module owners to
update profile information, so they all don't have to reimplement that
code. Ideally, in fact, Auth module authors would not have to write
Bugzilla database access code at all.
> 4) Detaching user identifier from email
> Once the system begins to maintain an identifier other than Realname
> or Email, it becomes possible to build configuration options to use that
> identifier in lieu of email addresses in presentation and selection of
> users.
Maybe I've misunderstood, but why would we ever want to display the
string "o=Mozilla Foundation,cn=Asa Dotzler" instead of an email address
or real name?
Gerv
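
An added sketch, not part of the message above and not Bugzilla code, of the kind of convenience function the reply suggests: an Auth module hands over the durable identifier plus the current email and real name, and never touches the database itself. The extern_id column name, the sync_external_user helper and the SQLite table are assumptions made for illustration.

```python
import sqlite3

def open_demo_db():
    """In-memory stand-in for the profiles table, with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE profiles (
        userid     INTEGER PRIMARY KEY,
        login_name TEXT NOT NULL UNIQUE,  -- email address
        realname   TEXT NOT NULL DEFAULT '',
        extern_id  VARCHAR(128) UNIQUE    -- hypothetical name; NULL for local accounts
    )""")
    db.executemany(
        "INSERT INTO profiles (login_name, realname, extern_id) VALUES (?, ?, ?)",
        [("asa@example.org", "Asa", "o=Example,cn=asa"),
         ("local@example.org", "Local User", None)])
    return db

def sync_external_user(db, extern_id, email, realname):
    """Locate a profile by its durable identifier, refresh email and realname,
    and return the userid. Raises ValueError rather than truncating an
    over-long identifier or attaching to an account that already owns the email."""
    if not extern_id or len(extern_id) > 128:
        raise ValueError("identifier missing or longer than the 128-char column")
    row = db.execute(
        "SELECT userid, login_name, realname FROM profiles WHERE extern_id = ?",
        (extern_id,)).fetchone()
    clash = db.execute(
        "SELECT userid FROM profiles WHERE login_name = ?", (email,)).fetchone()
    if row is None:
        # First sighting of this identifier: create a profile, but never
        # link it to an existing account just because the email matches.
        if clash:
            raise ValueError("email already belongs to another account")
        cur = db.execute(
            "INSERT INTO profiles (login_name, realname, extern_id) VALUES (?, ?, ?)",
            (email, realname, extern_id))
        return cur.lastrowid
    userid = row[0]
    if clash and clash[0] != userid:
        raise ValueError("email already belongs to another account")
    if (row[1], row[2]) != (email, realname):
        # The external directory changed the address or name: follow it.
        db.execute("UPDATE profiles SET login_name = ?, realname = ? WHERE userid = ?",
                   (email, realname, userid))
    return userid
```

The identifier is only ever compared for equality, so it stays opaque to everything outside this helper.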