Shared Code for Login Users and Management

From GO Wiki
Revision as of 20:11, 12 July 2011 by Sjcarbon (talk | contribs)
Jump to navigation Jump to search

Discussion points

Wants

role-based users

Reusable user identities

If somebody did implement their own backend server, they'd be able to use it Rely on either a third-party or local identity authority For example, people could either use a server provided by or, in the case of a local app,

Simple management

Simple implementation (many languages)

One-stop shopping

Risks

Things that we're particularly worried about in an implementation.

Accidental exposure

This would cover things like web crawlers somehow finding an "erase all" link

Hacking

I think in general we're not super worried about security (for example, a man in the middle after login was something that got a lot of shrugs), but want the general bases covered. As we're not security experts, reusing a tested stack by somebody else would be nice.

Packages considered

Login/Authentication Roles/Auth Notes
OpenID OAuth Unsure how to tie together and handle management
Drupal Seems heavy when all we would want is the user code

Comsumers

  • GOLD database administration
  • TermGenie