[fab] OpenID: an actually distributed identity system

[seth vidal]

On Wed, 2006-09-27 at 08:41 -0400, Michael Tiemann wrote:
> I saw OpenID ( http://openid.net/ ) presented and demonstrated at
> EuroOSCON last week--it looked really cool.  My reason for writing this
> morning is because on another list (grass-dev at grass.itc.it) developers
> are bemoaning the problem of (1) spam in their bugtracker, and (2) their
> desire to keep the bugtracker open and not require that users sign up
> for an account before using the system.
> 
> I understand there is a similar question being discussed about just how
> open to make the Fedora Wiki (not the CVS repository, but the Wiki).
> 
> I, too, hate the fact that I have to manage so many identities on the
> web, and I, too, wish there were a decent single sign-on for me to use
> with my favorite websites.  I'd like to suggest OpenID as a possible
> candidate for solving that problem and see whether enough people on this
> list agree to push it into the Fedora infrastructure.

- moinmoin has been 'openid enabled' - but only in 1.5.X - not the
version we're using right now - 1.3.X. We should be able to move to it -
but it will be an involved process, I'm sure. Not the least of which is
getting all the people to now create openid accounts. And this says
nothing of the need for the CLA that we require.

- mailman - it has been openid enabled but not in the upstream release.
Patches are available.

- bugzilla appears to be completely out in the cold which means there
would be a need for someone to do the programming and, theoretically,
submitting the patches upstream.

So we'd have to refit a good portion of our infrastructure (some of
which also serves @redhat.com not just fedora) and we'd have to get our
users to migrate to the new login mechanism. I'm not saying it's
impossible but I think we're looking at a development time and migration
path that IF we have people willing to undertake it will take greater
than a year.

-sv