On Thu, 18 Mar 2010 15:28:48 -0700, Brian Aker <[email protected]> wrote: > I'd like to start tracking user ownership on objects, aka who made > what. This is a little more complex for us since we don't have an > internal concept of a "user" since we delegate authority to other > systems. What I am thinking at the moment though is that we set up a > domain:user combination similar to what we see with HTTP. The other > option, and hold onto your socks, would be to use openID identifiers. > > I believe we could easily map OpenID to the more traditional systems > like LDAP/etc.
What about a simple "plugin_name:foo" where plugin_name is the plugin that was active at the time and foo is whatever that plugin understands (but must be text). so for a system using OpenID, you'd get a user understandable OpenId URL, for a htpasswd type thing you'd get something like "htpasswd:fred", for some NT like thing you'd get a SID (i think :) etc. So it's more about being able to track back who did what rather than anything to do with auth. Although I do kind of wonder if this belongs directly in the DB or off in some auditing module. I'm not sure that OpenID could actually map to an LDAP record. -- Stewart Smith _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
