Hey,
My name is Andy Smith, I'm one of the open source developers over at Sxip Networks (https://sxip.org), and I've been charged with adding SXIP support to Mailman, initially for our own internal uses but to be released open source and as an add-on to Mailman.
SXIP is a protocol for digital identity (Simple eXtensible Identity Protocol) that allows, among other things, single sign-on and secure attribute verification (SSL signing of XML data and whatnot). It's all open source and non-evil, too. It's fairly interesting, and if you're interested hit up the site for more info (or just ask).
I am mailing this to you folks here on the developers list for two reasons: one, because I'd like to be giving this work over to you (the community) once I am finished, and two, because you all know much more about Mailman than I do in the short time I have been examining the code, and any pointers or suggestions you can give me will surely be very helpful.
So, the goal of my work is to enable single sign-on for Mailman along the lines of the following scenario ("sxip in" = sign on, just using our branding):
- User arrives at a mailman site for the first time, and is presented with an overview of public lists. On the page will be a sxip in button and a paragraph informing the user that he/she will have to sxip in to subscribe to a list or see any non-public lists that he/she might have permission to.
- If a user sxips in right there, the overview will be updated to contain checkboxes and other relevant links so that a user can subscribe to any number of lists at the same time, or if they have mod or admin access they would see a couple other options. I'm not totally sure at this point what these options should be.
- If a user does not sxip in on this first page and instead clicks on a list to see the list info, he/she will be taken to the list info page, with a similar sxip in button and paragraph. In order to subscribe to a list or get any further, the user will have to sxip in. A "subscribe to this list" link will be provided, but it will just force the user to sxip in and then present them with a prompt to confirm that they'd like to subscribe.
- Once the user sxips in here, they will be taken back to the list info page but with more options available, including mod or admin links if appropriate to their authentication level.
- A user will not need to confirm subscription via an email when subscribing this way, because during sxip in a verified email address (as well as first and last name) will be provided through the sxip in process (this is one of the features of the protocol).
How I plan to do this (and please let me know if some of these things seem totally off; I've looked through the code but I may have misunderstood something):
- Data will be stored in the same way as the other mailman data, using pickled flat files.
  * There will be a new file that represents all the admins and moderators on the system, keyed on listname, with values consisting of a dictionary keyed on user email addresses with values containing their authorization level.
  * Note: How to handle list creator privilege? A specific "site" key in the root of the structure?
  * It should be possible to make use of the current password scheme involved with the cookies to associate privileges with a user based on list in this data structure; this has the benefit of allowing the simple overloading of the function that checks the cookie data. See Mailman.SecurityManager for the functions used to handle passwords and check cookies.
- User properties will remain in the current format, as will list info; nothing new is required there.
- To enable sxipping out, true sessions will have to be implemented, which could be done using code as described at http://starship.python.net/crew/davem/cgifaq/faqw.cgi?req=show&file=faq02.011.htp; however, the code there is not fully secure, and sxip out support may not be a priority at the beginning (just let the cookie expire?).
- There will be a new set of UI pages once the initial work is done to allow a user to sxip in to a session.
  * A page requesting a sxip in, to be called by the various CGI scripts when a user attempts to go somewhere that requires auth. Overload Mailman.Cgi.Auth.loginpage.
  * List Overview will have to be overloaded to show subscription options once sxipped in.
  * List Info will give admin and mod options when sxipped in.
  * All cgi scripts will have to be checked to be sure they authenticate first.
- To add a new member during sxipped in subscription will overload ApprovedAddMember in Mailman.MailList, to be used automatically by sxipping in.
- To get the lists that a user belongs to and their privileges, a sweep of the list data will have to be performed, which is a little bit of a performance hit; ideally this could be cached in the future, but for now I will just hope the performance isn't too drastically poor.
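As an added illustration of the privilege store and the "sweep" sketched above (example code written for this thread, not part of Mailman or of Andy's SXIP add-on): the pickled structure keyed on listname, a root "site" key for list-creator privilege, and a lookup that walks every list for one user. The level names, the SITE_KEY name and the email addresses are this example's assumptions.

```python
import pickle
from typing import Dict

# Authorization levels per list. The mail only speaks of "mod or admin";
# the numeric ranks and the SITE_KEY name are assumptions of this example.
MODERATOR = 1
ADMIN = 2
SITE_KEY = "site"   # root entry holding site-wide (list creator) privilege

# listname -> {email -> level}, exactly the shape proposed in the mail
RoleStore = Dict[str, Dict[str, int]]


def grant(store: RoleStore, listname: str, email: str, level: int) -> None:
    """Record that `email` holds `level` on `listname` (or site-wide via SITE_KEY)."""
    store.setdefault(listname, {})[email.lower()] = level


def level_for(store: RoleStore, listname: str, email: str) -> int:
    """Effective level of `email` on one list; site-wide privilege covers every list."""
    email = email.lower()
    site_level = store.get(SITE_KEY, {}).get(email, 0)
    return max(site_level, store.get(listname, {}).get(email, 0))


def lists_for(store: RoleStore, email: str) -> Dict[str, int]:
    """The sweep the mail describes: every list on which `email` has a privilege."""
    result = {}
    for name in store:
        if name == SITE_KEY:
            continue
        level = level_for(store, name, email)
        if level > 0:
            result[name] = level
    return result


def serialize(store: RoleStore) -> bytes:
    """Pickle the store, as the other Mailman flat files are."""
    return pickle.dumps(store)


def deserialize(data: bytes) -> RoleStore:
    """Load a store written by serialize(); only read from the site's own data directory."""
    return pickle.loads(data)


if __name__ == "__main__":
    store: RoleStore = {}                       # constructed sample data
    grant(store, "dev", "alice@example.org", ADMIN)
    grant(store, "dev", "Bob@example.org", MODERATOR)
    grant(store, SITE_KEY, "root@example.org", ADMIN)
    print(lists_for(deserialize(serialize(store)), "root@example.org"))
```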
Hopefully this model makes sense. I look forward to any comments or suggestions you may have.
- Andy Smith
Army of Coding Monkeys
MSN: msn@anarkystic.com
Jabber: termie@jabber.org
http://anarkystic.com/blog