Status of OpenID Consumer in Bugzilla

Joel Peshkin bugreport at
Sat Jul 2 02:01:41 UTC 2005

Rob Lanphier wrote:

>Hi Martin,
>Comments inline (multiple parts snipped out):
>On Fri, 2005-07-01 at 10:59 +0100, Martin Atkins wrote:
>>Rob Lanphier wrote:
>>>*  Where should the OpenID URI be stored?
>>LiveJournal does this by having a separate identity map table. Every new 
>>OpenID user gets a userid magically allocated and an entry placed into 
>>the map table which is essentially a (userid, identity) pair. This seems 
>>reasonable since it doesn't inflate any other tables and add needless 
>>indexes for sites which aren't using OpenID.
>I think you're probably right from a long-term perspective.  I have some
>misgivings about using an existing field that may clash with other auth
>BZ folks, what are your thoughts on this input?
extern_id was created so that, if an external authentication mechanism 
had an identifier for a user that persist even if the email address 
changes, the external identifier would be preserved.  This was 
originally for SiteMinder which passes LDAP attributes via enviroment 
variables.  One of those attributes is a numeric string that perists 
even if the user's name and email address change (like in the case of 
marriage or domain name renames).  The environment variable 
authenication mechanism will rename an existing profile to re-learn the 
email address and real name of a user if the extern_id is the same.

This sounds like it matches the purpose of the OpenID identifier.  The 
biggest problem I see is that Bugzilla cannot get either Realname or 
Email address from OpenId.  It would be very cool if OpenID were tied 
into an SMTP server so that sites to which I previously logged in could 
send me mail (unless I revoke the permission) by using a mail-delivery 
key provided by my OpenID provider.


More information about the developers mailing list