Shared Code for Login Users and Management
Discussion points
Wants
role-based users
Reusable user identities
If somebody did implement their own backend server, they'd be able to use it Rely on either a third-party or local identity authority For example, people could either use a server provided by or, in the case of a local app,
Simple management
Simple implementation (many languages)
One-stop shopping
Risks
Things that we're particularly worried about in an implementation.
Accidental exposure
This would cover things like web crawlers somehow finding an "erase all" link
Hacking
I think in general we're not super worried about security (for example, a man in the middle after login was something that got a lot of shrugs), but want the general bases covered. As we're not security experts, reusing a tested stack by somebody else would be nice.
Packages considered
Login/Authentication | Roles/Auth | Notes |
---|---|---|
OpenID | OAuth | Unsure how to tie together and handle management |
Drupal | Seems heavy when all we would want is the user code |
Comsumers
- GOLD database administration
- TermGenie