Before we move tickets over, I think we should have a good login system that'll work long-term.
I would like to support ASF committers logging in via ASF LDAP (infrastructure can set up an auth proxy in front of Allura). If Allura gains popularity among other projects in Apache (and I hope it does), we could have a lot of ASF users on it, and managing that through the official LDAP system will help a lot. I think we'll also want anyone to be able to create an account so that they can report a bug, make a comment, etc. Setting up an auth provider which can handle both would be ideal. A problem, though is username conflicts. Even if we prevent users from registering with usernames that match existing ASF accounts, we could have a future problem if a new ASF committer chooses a username that a "regular" person has on Allura already. A possible solution is to "namespace" the usernames so that these two are separate and can't conflict. An underscore "_" is not allowed in ASF usernames, so it could be automatically appended to all "regular" Allura usernames (on forge-allura.a.o instance only of course). Or we could put something on all ASF committer usernames like an "asf-" prefix. I prefer to keep the ASF committer usernames unchanged since they will be the biggest potential users of Allura, so I'd go with johndoe_ format for non-ASF accounts on our instance of Allura. Messing with people's usernames is kind of ugly, but at least with them separated we'll have a clear distinction between the types and thus be able to make changes later, if needed. Thoughts, or better ideas? If we agree, we can begin working on this in a custom authentication provider. -- Dave Brondsema : d...@brondsema.net http://www.brondsema.net : personal http://www.splike.com : programming <><
