I like Google Docs, but can we get that put into the wiki?

I spent a while learning Acegi stuff so that I could create a custom SSO integration with our identity system at Sun, so I could add quite a bit more detail about "What's going on in security.xml".

There is also no mention of what happens beyond Acegi, which is an important part of understanding how authentication works in Roller. In particular you need to know about the RollerSession object and some of the other code in the ui.core.security package, such as auto provisioning, i.e. how an authentic user becomes a Roller User object the system can make use of.

As it turns out, we have had a fairly high priority request come in to add comment authentication to our installation, so I am going to be working on that very soon. So I should be able to help out with this proposal a bit.

A few quick comments on the proposal ...

* Adding columns to the db for "openid_*" seems a little hokey to me. Is it not better to find a generic (meaning non-openid specific) way of accomplishing this? We are bound to run into a situation like this again in the future and I don't think messing with the schema every time is the best solution.

* Is it expected that openid users will get a local account provisioned? Or are we planning this such that these users would be managed externally, similar to an LDAP directory scenario?

* A tricky part that will need more consideration is the comment authentication part. In particular, Roller currently does not allow a situation where an authentic user is not also available via lookup in the UserManager. This will need some revising.

-- Allen


Dave wrote:
I just did this write-up for Tatyana to help her understand how auth
works in Roller:
   http://docs.google.com/Doc?id=dg2cfnzw_11fcjbbgdz

The latest version of the OpenID proposal she is working on is here:
   http://cwiki.apache.org/confluence/x/zVAB

As always, feedback is welcome.

- Dave
