Martin Langhoff wrote:
On 9/6/06, Ivan Krstić <[EMAIL PROTECTED]> wrote:
Martin Langhoff wrote:
> Sounds good to me. Who should I be talking to if I want to integrate
> with such scheme?
Me, in about one to two months.
Hi Ivan,
It's been about 2 monts - nag nag nag time ;-)
This thread covered a lot, including portable code and fairly complex
trust models. My needs are a lot simpler - from the point of view of a
web app running outside of the OLPC itself, do I have a means of
trusting a user id and perhaps some user info from each OLPC.
We talked about using Open ID. I still think that's a very good idea.
In that model a child would set up a page that points to the OLPC Open
ID servers. (Probably pages would be automatically set up, but a child
could set up multiple pages that point to the same server, so a child
can relatively easily have multiple identities.) The OLPC Open ID
server would verify that they are who they say they are, but that would
mostly happen behind the scenes. You'd simply get an authenticated URI
which would serve as the identity. Well, Open ID 2 I believe has some
options for sharing information in addition to authentication, and using
i-names (which seem to look a lot like email addresses) in addition to
URIs. I haven't seen any of what Open ID 2 provides, so I'm a little
vague on this stuff.
This seems to address a lot of the privacy concerns, and also gives you
a clear and documented standard that you can target without doing
anything specific to OLPC. And there's already libraries out there for
you to use.
Any additional user info would either have to be set up in your
application, or we'd have to add more ways to get information (which is
possible in Open ID, I believe, but opens up privacy questions).
--
Ian Bicking | [EMAIL PROTECTED] | http://blog.ianbicking.org
_______________________________________________
Sugar mailing list
[email protected]
http://mailman.laptop.org/mailman/listinfo/sugar
