| 1 |
Hello, all. |
| 2 |
|
| 3 |
Short summary: I'm working on creating an OpenID provider service using |
| 4 |
Gentoo LDAP. It will provide a common login service for Gentoo |
| 5 |
developers to Gentoo sites and other OpenID-aware sites (e.g. bug |
| 6 |
trackers, blogs). |
| 7 |
|
| 8 |
Source code: https://github.com/gentoo/identity.gentoo.org |
| 9 |
|
| 10 |
|
| 11 |
Final report |
| 12 |
============ |
| 13 |
|
| 14 |
Status: finished |
| 15 |
|
| 16 |
Short outline of features on my side: |
| 17 |
|
| 18 |
- basic OpenID 2.0 w/ authentication, SReg/AX user information exchange, |
| 19 |
|
| 20 |
- authentication possible via password, SSL certificate or SSH key, |
| 21 |
|
| 22 |
- two-phase authentication using TOTP tokens (compatible with Google |
| 23 |
Authenticator), |
| 24 |
|
| 25 |
- django-ldapdb based ORM to LDAP, with user password authentication. |
| 26 |
|
| 27 |
The project has resulted in a few patches to other projects as well. |
| 28 |
They were all merged except for some of the patches for django-ldapdb |
| 29 |
which are still pending. |
| 30 |
|
| 31 |
|
| 32 |
Plans for the future |
| 33 |
==================== |
| 34 |
|
| 35 |
The application needs some more work, tests and audits before it could |
| 36 |
be deployed. Afterwards, we should be able to deploy it with access |
| 37 |
limited to Gentoo developers. |
| 38 |
|
| 39 |
After upgrading our other services to support OpenID login, we can add |
| 40 |
a custom OpenID extension to pass Gentoo-specific information over |
| 41 |
OpenID (like whether the person is a developer). |
| 42 |
|
| 43 |
-- |
| 44 |
Best regards, |
| 45 |
Michał Górny |
Archives