Dave wrote:
Now that Matt has upgraded us to Spring Security, I'm reviewing the
Open ID for Roller proposal again.
http://cwiki.apache.org/confluence/x/zVAB
The requirements section of the proposal is a little to complicated
and mixes in implementation details. Below are what I believe to be
the core requirements for the project, in priority order.
Open ID for Roller Requirements
1) Allow new users to register and login via OpenID
2) Allow existing users to login via OpenID
i.e. by associating a Roller user account with an Open ID identity
3) Allow those who wish to leave comments to login via OpenID
4) Allow users to associate multiple OpenID accounts with one Roller account
i.e. associate multiple Open ID identities with one Roller user
Does that sound complete?
#1-3 seem logical enough.
#4 still eludes me. I don't see why someone would need to specify more
than one system that they plan to authenticate against. You only have
to login once to get into the system, so how would the other OpenIDs be
used?
Judging from the Spring Security 2.0 docs (http://tinyurl.com/3ne8pb),
supporting #1 should be pretty easy. We'll have to figure out how to
configure Spring Security, possibly adding some extension classes, to
support #2 through #4.
I think you'll need extension classes for all of #1-4. You'll need some
special code that can take an OpenID and verify it against its provider
so that the user gets a Session in Acegi.
The exact flow of events that take place in an OpenID login would be
nice to see on the proposal since it's not clear in my mind right now.
Allen Gillland raised a concern with adding OpenID specific fields to
Roller tables, but we do need some way to store a user's OpenID URI
(or list of URIs) in Roller. Could we do the same thing by adding a
new 'roller_openid' table?
I am still against any openid specific tables or columns. I think we
can provide a more generic solution that solves for OpenID and other
potential use cases down the road.
Why not a roller_userattr table?
create table roller_userattr(
user_id varchar(48) not null,
name varchar(64) not null,
value varchar(255)
);
Then you can associate any extra information needed about any user,
including OpenIDs. You can use these queries to get either the OpenIDs
for a user or the user for a given OpenID ...
select value from roller_userattr where user_id = 'userId' and name =
'openid.urls';
select * from rolleruser ru,roller_userattr rua where ru.id =
rua.user_id and rua.value = 'http://myopenid.com/url';
-- Allen
- Dave
