[opensource-dev] OpenID based logins?

[Yoz Grahame]

On 28 April 2011 01:34, Kadah <kadah.coba at gmail.com> wrote:

> How about fixing the openID issues with jira before that? I would like
> to be able to keep issues open within my browser without openID reseting
> every tab the dashboard and forcing their history's to the openID
> process page.
> Monty and Oz said this was a known issue.
>

I don't know which issue you're talking about from your description - is
there an existing issue you can point me to?
The main JIRA-related OpenID issue I'd love to fix is related to timeouts
and sign-out. There is currently no "single-sign-out" in the OpenID spec,
which means that until we can implement a uniform method of doing this
across RPs (which we have a plan for) we need to keep sessions fairly short,
and this is a right pain.


> And I'm also against linking SL accounts with any other service. I feel
> that should be opt-in only and done in a manner that will not risk
> inadvertent disclosures of SL idents (like usernames) to these 3rd parties.
>

I don't see how we could do it *without* it being opt-in. I mean, I'm sure
there are incredibly cunning ways that we could root those details out if we
were really determined, but not only do we not have the time, we're not
actually inclined that way to begin with.

Also, bear in mind that what we're talking about here is use of an OpenID
for private authentication, not for public display. This is not about doing
any kind of public association.

-- Yoz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20110428/ffbf6d79/attachment.htm