Hello, all.

Short summary: I'm working on creating an OpenID provider service using
Gentoo LDAP. It will provide a common login service for Gentoo
developers to Gentoo sites and other OpenID-aware sites (e.g. bug
trackers, blogs).

Source code: https://github.com/gentoo/identity.gentoo.org


Final report
============

Status: finished

Short outline of features on my side:

- basic OpenID 2.0 w/ authentication, SReg/AX user information exchange,

- authentication possible via password, SSL certificate or SSH key,

- two-phase authentication using TOTP tokens (compatible with Google
  Authenticator),

- django-ldapdb based ORM to LDAP, with user password authentication.

The project has resulted in a few patches to other projects as well.
They were all merged except for some of the patches for django-ldapdb
which are still pending.


Plans for the future
====================

The application needs some more work, tests and audits before it could
be deployed. Afterwards, we should be able to deploy it with access
limited to Gentoo developers.

After upgrading our other services to support OpenID login, we can add
a custom OpenID extension to pass Gentoo-specific information over
OpenID (like whether the person is a developer).

--
Best regards,
Michał Górny