Status of OpenID Consumer in Bugzilla
Joel Peshkin
bugreport at peshkin.net
Sat Jul 2 02:01:41 UTC 2005
Rob Lanphier wrote:
>Hi Martin,
>
>Comments inline (multiple parts snipped out):
>
>On Fri, 2005-07-01 at 10:59 +0100, Martin Atkins wrote:
>
>
>>Rob Lanphier wrote:
>>
>>
>>>* Where should the OpenID URI be stored?
>>>
>>>
>>LiveJournal does this by having a separate identity map table. Every new
>>OpenID user gets a userid magically allocated and an entry placed into
>>the map table which is essentially a (userid, identity) pair. This seems
>>reasonable since it doesn't inflate any other tables and add needless
>>indexes for sites which aren't using OpenID.
>>
>>
>
>I think you're probably right from a long-term perspective. I have some
>misgivings about using an existing field that may clash with other auth
>mechanisms.
>
>BZ folks, what are your thoughts on this input?
>
>
>
extern_id was created so that, if an external authentication mechanism
had an identifier for a user that persist even if the email address
changes, the external identifier would be preserved. This was
originally for SiteMinder which passes LDAP attributes via enviroment
variables. One of those attributes is a numeric string that perists
even if the user's name and email address change (like in the case of
marriage or domain name renames). The environment variable
authenication mechanism will rename an existing profile to re-learn the
email address and real name of a user if the extern_id is the same.
This sounds like it matches the purpose of the OpenID identifier. The
biggest problem I see is that Bugzilla cannot get either Realname or
Email address from OpenId. It would be very cool if OpenID were tied
into an SMTP server so that sites to which I previously logged in could
send me mail (unless I revoke the permission) by using a mail-delivery
key provided by my OpenID provider.
-Joel
More information about the developers
mailing list