On Mar 27, 2012, at 01:29 PM, Terri Oda wrote:
So Postorius (the webUI) has a sketch of an auth system using BrowserID at the moment. BrowserID is convenient 'cause it proves you have ownership of a given email address, but we should have OpenID working soon once we've got the code to confirm that a given OpenID can be associated with an email address.
We should do a little thinking about how to make sure that the archives system can make use of the webui authentication. In theory, you could just use the same browserID/etc. and perform authentication again to provide a single sign on with the same tokens, but we can probably do something nicer by sharing the webui django accounts.
Definitely.
One thing the engine has to expose is the ability to associate multiple email addresses with a "user". The core supports this as a concept, but we may not have what we need exposed in the REST API yet. It's also something I want to expose in the email commands interface.
-Barry