[opensource-dev] OpenID based logins?

Kadah kadah.coba at gmail.com
Wed Apr 27 18:36:10 PDT 2011

Previous message: [opensource-dev] OpenID based logins?
Next message: [opensource-dev] OpenID based logins?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/27/2011 5:25 PM, Yoz Grahame wrote:
> 
> On 28 April 2011 01:34, Kadah <kadah.coba at gmail.com
> <mailto:kadah.coba at gmail.com>> wrote:
> 
>     How about fixing the openID issues with jira before that? I would like
>     to be able to keep issues open within my browser without openID reseting
>     every tab the dashboard and forcing their history's to the openID
>     process page.
>     Monty and Oz said this was a known issue.
> 
> 
> I don't know which issue you're talking about from your description - is
> there an existing issue you can point me to?
> The main JIRA-related OpenID issue I'd love to fix is related to
> timeouts and sign-out. There is currently no "single-sign-out" in the
> OpenID spec, which means that until we can implement a uniform method of
> doing this across RPs (which we have a plan for) we need to keep
> sessions fairly short, and this is a right pain.

I described it to Oz and Monty and they knew almost instantly what I was
talking about so here's how is described it to them.
I'll have many open tabs on Firefox to jira issues, if I close and
resume the session, all those tabs will load, hit the openID auth and
all those tabs be redirected to the dashbord or to an a random issue
that I filed but wasn't opened in the previous session. 'Back' on the
tabs will only go back to the openID auth.
They said it was a known issue and from the reaction, it sounded like
there was already an open issue on this but either didn't know the key
or was an internal one. I'm unable to find a public one.
Maybe Oz know's more?

>     And I'm also against linking SL accounts with any other service. I feel
>     that should be opt-in only and done in a manner that will not risk
>     inadvertent disclosures of SL idents (like usernames) to these 3rd
>     parties.
> 
> 
> I don't see how we could do it *without* it being opt-in. I mean, I'm
> sure there are incredibly cunning ways that we could root those details
> out if we were really determined, but not only do we not have the time,
> we're not actually inclined that way to begin with.
> 
> Also, bear in mind that what we're talking about here is use of an
> OpenID for private authentication, not for public display. This is not
> about doing any kind of public association.
> 
> -- Yoz
>  
Its hard enough to get google to let me use 4 different accounts (all
for different things and one solely for apps) as is :P

Previous message: [opensource-dev] OpenID based logins?
Next message: [opensource-dev] OpenID based logins?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the opensource-dev mailing list