Google Summer of Code projects?

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
gchaix's picture
Posted by gchaix on March 19, 2008 at 8:59pm

Is there any interest in having one or more Summer of Code students to work on this? Here at OSU we're getting some pings from potential applicants on working on OpenID 2.0 server support in D6. We'd be delighted to point some of our mentor and SoC student resources at this project. Especially adding support for AX, etc.

Thoughts?

Categories: ,

Comments

AX!

Posted by Boris Mann on March 20, 2008 at 11:40pm
Boris Mann's picture

I talked about this with Narayan offline already, but forward momentum on the AX stuff would be excellent. It's biting off a fair bit, however, so scoping it effectively would be critical.

And yeah, the server needs porting, but that's not a very big job. But, learning the 2.0 spec, learning the AX spec and doing some sort of proof of concept implementation would be excellent. Actually, let me scope that more specifically -- using AX to allow for role-based mapping between sites would be an excellent, doable goal.

So, you could make a rule like "if identity A has role X on Site 1, then identity A has role Y on Site 2".

Also, there is OAuth to build out, which is NOT OpenID, but can be a compliment for machine to machine operations....

I agree, I've been

Posted by stroobl on March 31, 2008 at 11:35am
stroobl's picture

I agree, I've been investigating OpenID and it's nice for authentication, but just for that. You know a user is authenticated against a certain OpenID provider, but as long as you can't indicate which providers you trust, that's not much better than an anonymous user. Everybody can start it's own OpenID provider, also the bad guys.
Once you're able to set trusts and map roles and exchange custom profile fields between sites, things start to get really interesting.

There is already some info about group(role) memberships on http://wiki.openid.net/Group_Membership_Protocol

It's true

Posted by walkah on April 13, 2008 at 11:42am
walkah's picture

OpenID (auth) is an authentication spec, not an authorization framework - but it is suitable base for the kind of system you're talking about. Once you have an identifier - you can layer on assertions about that ID and build a trust framework.

P.S. there is a SoC proposal to work on AX ( http://groups.drupal.org/node/10285 ) that I will mentor if it makes it through the approval process.