Yep - unless there are bugs associated with it. I'll probably create a video on how to use it and post it on our new YouTube channel when I've got a few minutes to spare.
D. On Mon, Jun 14, 2010 at 2:12 PM, Anne Kathrine Petterøe <[email protected]>wrote: > So consensus is to keep OpenID, but not invest any more time in it? > > On 14. juni 2010, at 12.25, Richard Hirsch wrote: > > > I agree with Vassil. If I remember correctly, users created via OpenID > had > > their openid urls as their user ids which messed up our UI. > > > > The one idea I had was to add the OpenID to the sign-up page and created > a > > JIRA item for this. I looked at the code in the ProfileMgr that dealt > with > > this in the profile and decided that adding the openID to the sign-on > page > > was non-trivial and thus placed the jira item in the backlog. > > > > On Mon, Jun 14, 2010 at 12:16 PM, Vassil Dichev <[email protected]> > wrote: > > > >>> And my question still remains the same ;-) > >>> Should we use time on this right now, or would it be easier to remove > the > >> field in the UI for now? > >> > >> Sorry for not following up on this: I had the impression that OpenID > >> worked as intended and the user is not supposed to create a user > >> through OpenID. This would mean that the username would be > >> autogenerated and currently you cannot edit the username. This is not > >> a hard requirement, but do we want to make the username editable? It > >> might make some implications for using existing pools, actions, etc. > >> (not that they're bound to the username, but an attacker might use it > >> for phishing/social engineering). > >> > >> Another drawback of OpenID user auto-creation is that a user will not > >> have a password initially, and might not ever choose to set it. I'm > >> not sure this is desirable, considering that OpenID might not always > >> be available and there's no other way to log in. > >> > > > > Good point - the necessity of having two logins is feature :-> > > > > > >> Finally, from usability point of view if you think you have associated > >> an OpenID URL with an existing account, but you're not, then logging > >> in with OpenID will create a new account you do not want. This is > >> especially tricky considering that we treat these as different URLs: > >> > >> http://host/path/ > >> http://host/path/index.html > >> http://host.domain.com/path/ > >> > >> So is OpenID actually broken? If it's not, there's no point in fixing > it. > >> > > > > I also agree with Anne that in the long-term, we will probably have > > container-based authentication, so investing more time in OpenID probably > > isn't ideal. > > > >> > >> Vassil > >> > >
