Shared Code for Login Users and Management: Difference between revisions
Revision as of 20:11, 12 July 2011
Discussion points
Wants
role-based users
Reusable user identities
If somebody did implement their own backend server, they'd be able to use it
Rely on either a third-party or local identity authority
For example, people could either use a server provided by or, in the case of a local app,
Simple management
Simple implementation (many languages)
One-stop shopping
Risks
Things that we're particularly worried about in an implementation.
Accidental exposure
This would cover things like web crawlers somehow finding an "erase all" link
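One way to keep a crawler from triggering an "erase all" action, shown as an added example that is not code from this page or from any of the packages considered: the destructive handler refuses anything but POST, so following a link (a GET) can never erase data. The role check and per-session token go beyond the crawler case, and all names (`Session`, `authorize_destructive`, `erase_all`, the `admin` role) are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    roles: frozenset
    # Per-session token that must be echoed back in the form of any destructive request.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def authorize_destructive(method, session, form, required_role="admin"):
    """Return (status, reason) for a state-changing request such as "erase all"."""
    # Crawlers and link prefetchers issue GET/HEAD; those must never change state.
    if method != "POST":
        return 405, "destructive actions accept POST only"
    if session is None:
        return 401, "login required"
    if required_role not in session.roles:
        return 403, "role not permitted"
    sent = form.get("csrf_token", "")
    # Constant-time comparison of the submitted token with the session's token.
    if not hmac.compare_digest(sent.encode(), session.csrf_token.encode()):
        return 403, "missing or wrong token"
    return 200, "ok"


def erase_all(method, session, form, store):
    """Clear the store only when the request passes every check."""
    status, reason = authorize_destructive(method, session, form)
    if status == 200:
        store.clear()
    return status, reason


if __name__ == "__main__":
    store = {"term1": "a", "term2": "b"}  # constructed sample data
    admin = Session("alice", frozenset({"admin"}))
    viewer = Session("bob", frozenset({"viewer"}))
    # A crawler following a link: GET, no session. Nothing is erased.
    print(erase_all("GET", None, {}, store), len(store))
    print(erase_all("POST", viewer, {"csrf_token": viewer.csrf_token}, store), len(store))
    print(erase_all("POST", admin, {}, store), len(store))
    print(erase_all("POST", admin, {"csrf_token": admin.csrf_token}, store), len(store))
```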
Hacking
I think in general we're not super worried about security (for example, a man in the middle after login was something that got a lot of shrugs), but want the general bases covered. As we're not security experts, reusing a tested stack by somebody else would be nice.
Packages considered
Login/Authentication | Roles/Auth | Notes |
---|---|---|
OpenID | OAuth | Unsure how to tie together and handle management |
Drupal | Seems heavy when all we would want is the user code |
Consumers
- GOLD database administration
- TermGenie