[Python-Dev] Offtopic: OpenID Providers

R. David Murray rdmurray at bitdance.com
Fri Sep 6 21:11:29 CEST 2013


On Fri, 06 Sep 2013 14:53:00 -0400, Donald Stufft <donald at stufft.io> wrote:
> 
> On Sep 6, 2013, at 1:22 PM, Dan Callahan <dcallahan at mozilla.com> wrote:
> 
> > On 9/5/13 12:31 PM, Jesus Cea wrote:
> >> I have big hopes for Mozilla Persona, looking forward to
> >> Python infrastructure support :).
> > 
> > Hi, I'm the project lead on Persona signin, and I spoke at PyCon
> > earlier this year regarding why and how Mozilla is building Persona.
> > If you'd like some more background, that video [0] is worth a look.
> > 
> > Let's pull this discussion up a level:
> > 
> > It sounds like many people (Jesus, Donald, Toshio, Barry, Tres,
> > Dirkjan, etc.) are interested in seeing Persona on Python.org
> > properties, and most of the objections are coming from a place of
> > "Persona hasn't gone viral, what if this is wasted effort?"
> > 
> > We can tackle that from two angles:
> > 
> > 1. Dirkjan and I are willing to do the work to make this happen if
> > someone from python-devel is willing to guide us through the
> > contributor process for these systems.

Thanks.

I'm one of the people with admin access to the bug tracker (I haven't
done much maint lately, though; Ezio has done the most).  There is
information on setting up a replica of our production system here:

    https://wiki.python.org/moin/TrackerDevelopment

If you want to start hacking on a solution, the first step would be to
spin up a test setup.

If you propose a patch, either I or Ezio should be able to find the time
to review and apply it, if you also commit to maintaining it ;)

Tracker-specific discussion happens on the tracker-discuss mailing list,
by the way (very low traffic).

> > 2. There's a seamless migration path away from Persona if we fail:
> > fall back to the pre-existing traditional email/password system
> > using the same email addresses that Persona had previously been in
> > charge of verifying.

Roundup uses database-derived numeric IDs.  An email is associated with
each account, but does not participate in authentication or authorization
after initial signup.  (Except for the email interface...but that is a
separate story and you shouldn't need to address that).

> > So let's do this. The open web deserves better than just Google+,
> > Facebook, or Passwords, and visible support from the Python
> > community would be a huge step toward answering the chicken-and-egg
> > objections raised in this thread.
> > 
> > At your service,
> > -Callahad
> > 
> > PS: Freeform OpenID has utterly failed as a user-empowering
> > authentication system, and the protocol itself is rapidly being
> > supplanted by vendor-specific OAuth[1] systems. If we want to ensure
> > that "you *can* (not *must*) use free and open services to access
> > our resources," then we must provide an option to use something akin
> > to Persona.

IMO, single signon is overrated.  Especially if one prefers not to make
it easy for various accounts to be automatically associated with one
another by various entities who shall remain nameless but have been in
the news a lot lately :)

--David

