Re: [OpenID] Beanstalk removes OpenID support
Ben Laurie <benl <at> google.com>
2009-06-02 06:03:17 GMT
On Mon, Jun 1, 2009 at 10:22 PM, Chris Messina <chris.messina <at> gmail.com> wrote:
> On Thu, May 28, 2009 at 12:36 PM, Andrew Arnott <andrewarnott <at> gmail.com>
>> I don't know how one could add OpenID support to SVN. But OAuth would be
>> a natural. An 'svn authorize" command would pop up a web browser where the
>> user would log into the SVN server site (the OAuth SP) using OpenID or any
>> other credential, and then SVN could capture the OAuth token and use that
>> programmatically from then on.
>> Chris, what can we do to better "package" OpenID and OAuth as a combined
>> solution for these scenarios?
> Well, for one thing, document how that kind of flow might actually be
> And, FWIW, Google Code and Basecamp both provide a decent solution for
> dealing with OpenID users in cases with browser-less situations like the
> command-line... by providing a revokable/resettable secret that can be used
> in combination with one's OpenID to perform CLI authentication w/o creating
> a new username.
I don't think Google Code does ... but clearly it could, using the
mechanism it currently uses for generating passwords. That is, as you
say, a resettable random string, which could be used as an unguessable
user ID instead of as a password. Alternatively, if we used email
addresses as IDs, their email address could be their user id and
OpenID used to generate the password, much as Google Code does today.
Obviously, the fact you have to use the password at all is SSO FAIL,
but to fix that I guess CLI apps have to figure out how to talk to
browsers. At least, in the OpenID world. There are other worlds.
> It's all in how you think about implementing the solution — being pragmatic
> and not overly religious!
>> 2009/5/28 Ben Laurie <benl <at> google.com>
>>> On Wed, May 27, 2009 at 11:43 PM, Chris Messina <chris.messina <at> gmail.com>
>>> > So Beanstalk just removed support for OpenID from their hosted
>>> > subversion
>>> > app:
>>> > http://www.wildbit.com/blog/2009/05/26/what-happened-to-openid-support-in-beanstalk/
>>> > I find this both interesting and frustrating, since I used OpenID to
>>> > sign in
>>> > to my Beanstalk account and now can't remember my username. Heh, go
>>> > figure.
>>> > Still, it points out that the lack of desktop/API solution for OpenID
>>> > as a
>>> > *baked* solution could really hurt the protocol as OpenID seeps into
>>> > more
>>> > applications. I mean, Beanstalk is still one application, but the fact
>>> > that
>>> > we as a community haven't articulated how to use OpenID with SVN (or
>>> > built
>>> > the technical machinery to make that easy) ultimately impacts adoption.
>>> > Anyway, thought it was worth bringing up here, since it's something I
>>> > hadn't
>>> > really seen before.
>>> It is also interesting that they ask for OAuth support in SVN, but
>>> what they actually need is OpenID support, isn't it?
>>> > Chris
>>> > --
>>> > Chris Messina
>>> > Open Web Advocate
>>> > Website: http://factoryjoe.com
>>> > Twitter: http://twitter.com/chrismessina
>>> > Facebook: http://facebook.com/chrismessina
>>> > Diso Project: http://diso-project.org
>>> > OpenID Foundation: http://openid.net
>>> > This email is: [X] bloggable [ ] ask first [ ] private
>>> > _______________________________________________
>>> > general mailing list
>>> > general <at> openid.net
>>> > http://openid.net/mailman/listinfo/general
>>> general mailing list
>>> general <at> openid.net
> Chris Messina
> Open Web Advocate
> Website: http://factoryjoe.com
> Blog: http://factoryjoe.com/blog
> Twitter: http://twitter.com/chrismessina
> Diso Project: http://diso-project.org
> OpenID Foundation: http://openid.net
> This email is: [ ] bloggable [X] ask first [ ] private