RFC: Detaching user name from email, LDAP and Single-Signon

Gervase Markham gerv at mozilla.org
Fri Apr 9 09:01:51 UTC 2004

Joel Peshkin wrote:
> 1) Add a field to profiles containing a (varchar(128)) identifier.  This 
> field should be added to the profile before any of the authentication 
> systems start to use it.

So this field would be accessed by Auth modules and used as a correlator 
to relate Bugzilla accounts to accounts in Something Else? And it would 
be opaque to the rest of Bugzilla?

Is 128 enough?

> 3) Single Signon
>    Most single signon systems have a way to pass variables to a CGI 
> containing the equivalent of fields from LDAP.  The single signon module 
> would accept the variables from the webserver and handle them in a 
> similar manner to LDAP, using a durable identifier to locate the profile 
> and auto-updating the email address and realname if it detects a change.

We may want to provide convenience functions for Auth module owners to 
update profile information, so they all don't have to reimplement that 
code. Ideally, in fact, Auth module authors would not have to write 
Bugzilla database access code at all.

> 4) Detaching user identifier from email
>     Once the system begins to maintain an identifier other than Realname 
> or Email, it becomes possible to build configuration options to use that 
> identifier in lieu of email addresses in presentation and selection of 
> users.

Maybe I've misunderstood, but why would we ever want to display the 
string "o=Mozilla Foundation,cn=Asa Dotzler" instead of an email address 
or real name?


More information about the developers mailing list