[Catalog-sig] OpenID login to PyPI
M.-A. Lemburg
mal at egenix.com
Mon Nov 16 23:20:38 CET 2009
"Martin v. Löwis" wrote:
>>> Unfortunately, at the same time, I'm skeptical that OpenID can really
>>> deliver here. For example, I see little chance that distutils could
>>> provide reasonable access to PyPI using OpenID, as OpenID is fairly
>>> bound to be run in a web browser only. So ISTM that package owners
>>> will have to set (and remember) a password, anyway, unless they always
>>> add new releases through the web interface.
>>
>> If username/password authentication will always need to be allowed on
>> PyPI, what is the rational for placing the current limitations on the
>> OpenID support? Or are you still undecided about whether
>> username/password authentication will indeed always be supported?
>
> I certainly don't know what always will be.
>
> As I'm not sure which specific restriction you refer to, in order:
>
> - [must be in wide use, using procedures that the community trusts]
> This is necessary to be able to trust the registry information,
> see below.
> - [must support OpenID 2.0]
> This is because that's all what the implementation supports
> - [must support provider-driven identifier selection]
> This is because I want to avoid ugly login boxes in the UI,
> and avoid having to type users in their OpenID.
> - [must provide a validated email address, either through AX or SREG]
> This is because I want to be able to trust the user interface,
> and avoid the email verification roundtrip (sparing both myself
> the implementation of it, and the user access to his email address
> at the time of registration)
> - [must support direct communication over https]
> This is because I didn't implement DH associations.
Are you using python-openid for this ?
http://openidenabled.com/python-openid/
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Nov 16 2009)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
More information about the Catalog-SIG
mailing list