[Mailman-Developers] Architecture for extra profile info
Stephen J. Turnbull
stephen at xemacs.org
Thu Apr 18 10:28:29 CEST 2013
Main comment: Sounds like LDAP to me.
Florian Fuchs writes:
> 5) It should implement an oAuth provider.
I don't see this. Mailman is an auth consumer. The only people
Mailman can provide auth for are the site admins. Everybody else is
more or less untrustworthy.
I can see that there are applications where it would be useful to have
an auth provider bundled with Mailman, but I think implementing it is
somebody else's job.
> This could be used for API authenticaion and to log into
> Postorius/Hyperkitty
I think generic auth provider is overkill for these purposes, and a
trap for anybody who thinks we know enough about crypto/security to do
this stuff well.
More information about the Mailman-Developers
mailing list