[xwiki-devs] [gsoc] Re: Single Sign-On project
Artem Melentyev
amelentev at gmail.com
Wed Jul 2 14:01:07 CEST 2008
Markus Lanthaler wrote:
>...
> * How should the issued OpenID URLs look like?
> http://www.xwiki.org/xwiki/bin/view/XWiki/UserName seems to be to long for
> me. Something like http://www.xwiki.org/user/UserName would be much better
> in my opinion. What do you think? Would that be possible with the existing
> architecture?
Yes. We can simply map these url to openid servlet in web.xml, I think.
Also I think we can provide openid account per virtual xwiki for it's
owner. So for example wiki owners at myxwiki.org will get openid
accounts like servername.myxwiki.org
(And I want openid account amelentev.myxwiki.org :))
> * What about user recycling, i.e. if a user (Alice) deletes his account and
> another one (Bob) creates an account with the same user name afterwards what
> should happen? Bob would be able to log-in to all sites on which Alice used
> her XWiki account. Yahoo for example solves this by appending a fragment
> like #fk32j to each OpenID. So the OpenID URL
> http://www.xwiki.org/user/UserName would become
> http://www.xwiki.org/user/UserName#fragment
-1
It dirties a clean openid url. And I don't want to memorize this
fragment. :)
Maybe there is some other way to resolve this problem? I think it is.
For example store some key in openid account and openid consumers also
check this key when signin. When openid account recreated, key is
changed. Maybe there is something similar in openid standard?
--
Artem Melentyev / http://marting.myopenid.com/
More information about the devs
mailing list