[SAC] OSGeo as OpenID provider?

Hi,

Following an authentication discussion in QGIS-PSC group, Sandro had the
(I think) good idea to check if it was maybe possible to let OSGeo
become an OpenID provider [0].

I truly do not know if that would be a lot of hassle, but I like the
idea of having an OSGeo openid id, or the OSGeo being a FOSS authentication
provider...

Did some Googling [1] but does not seem trivial. Not sure what it would
cost in terms of money or manpower though..

Others have experience with this? Or opposing the idea?

Regards,

Richard Duivenvoorde

[0] https://lists.osgeo.org/pipermail/qgis-psc/2016-April/004155.html
[1] http://openid.net/developers/libraries/

On Tue, Apr 05, 2016 at 10:42:36AM +0200, Richard Duivenvoorde wrote:

> Hi,
>
> Following an authentication discussion in QGIS-PSC group, Sandro had the
> (I think) good idea to check if it was maybe possible to let OSGeo
> become an OpenID provider [0].
>
> I truly do not know if that would be a lot of hassle, but I like the
> idea of having an OSGeo openid id, or the OSGeo being a FOSS authentication
> provider...
>
> Did some Googling [1] but does not seem trivial. Not sure what it would
> cost in terms of money or manpower though..
>
> Others have experience with this? Or opposing the idea?

Personally, I've installed my own OpenID identity provider some time
ago, using "simpleid" (apt-get install simpleid). But it is very
simple and only allows specifying accounts via filenames.

Often other services have plugins implementing an openid provider.
This is the case with Wordpress, for example. Since we run as OSGeo
both Drupal and MediaWiki (and trac) there's maybe a plugin adding
OpenID capabilities on top of them. Or even better to the LDAP
server itself (but I've zero experience with that).

The other side is allowing users to be identified using _other_
(foreign) OpenID providers, which would also be nice to make the
internet a smoother place :)

The above said, we might be needing to look at "OpenID Connect"
rather than just "OpenID", as the latter seems to be referred to
as an "obsoleted specification", superseded by the former:

How OpenID Connect Works - OpenID Foundation

--strk;

On Tue, Apr 05, 2016 at 01:19:52PM +0200, Sandro Santilli wrote:

> Often other services have plugins implementing an openid provider.

A quick search yields:

- Extension:OpenID - MediaWiki
   Allows login via OpenID _and_ provides OpenID identity

- TracAuthOpenId · PyPI
   Allows login via OpenID

- https://www.drupal.org/project/openid_provider
   Allows login via OpenID _and_ provides OpenID identity

It seems we're served well.

Not sure about which version of OpenID/Connect/Auth they implement,
but it would sound like a "cheap" intervention to turn the switch on.

--strk;

On Tue, Apr 05, 2016 at 01:28:21PM +0200, Sandro Santilli wrote:

> On Tue, Apr 05, 2016 at 01:19:52PM +0200, Sandro Santilli wrote:
>
> > Often other services have plugins implementing an openid provider.
>
> A quick search yields:
>
> - Extension:OpenID - MediaWiki
>    Allows login via OpenID _and_ provides OpenID identity
>
> - TracAuthOpenId · PyPI
>    Allows login via OpenID
>
> - https://www.drupal.org/project/openid_provider
>    Allows login via OpenID _and_ provides OpenID identity
>
> It seems we're served well.
>
> Not sure about which version of OpenID/Connect/Auth they implement,
> but it would sound like a "cheap" intervention to turn the switch on.

Also, I've just found out that the provider I use ("simpleid")
has an LDAP connector too:

simpleid - simple OpenID provider implemented in PHP
simpleid-ldap - simple OpenID provider implemented in PHP - LDAP plugin

I can play with it some, but I completely lack on the LDAP side, so if
anyone can help me with that part, I can try to setup an authenticator
for OSGeo users on my own hoster for some experimentation.

--strk;