[New: openFATE 309070] Allow auth
Feature added by: Adrian Schröter (adrianSuSE) Feature #309070, revision 1 Title: Allow auth Buildservice: Evaluation Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o.o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Thomas Schmidt (digitaltomm) Feature #309070, revision 2 Title: Allow auth Buildservice: Evaluation Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. + #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) + This is possible for the api by modularizing our login (ldap, db, + opensuse-auth) methods. But the auth server would have to be able to + authenticate the users password with the novell ldap, we are usually + not allowed to do this.Session handling would be needed here to avoid + authenticating each request, and should be not much work. + For the communication between the webclient and the api we need a + secure way to tell the api that the user is already authenticated, + maybe with a secret key? + -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Jens Staal (staalmannen) Feature #309070, revision 3 Title: Allow auth Buildservice: Evaluation Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) This is possible for the api by modularizing our login (ldap, db, opensuse-auth) methods. But the auth server would have to be able to authenticate the users password with the novell ldap, we are usually not allowed to do this.Session handling would be needed here to avoid authenticating each request, and should be not much work. For the communication between the webclient and the api we need a secure way to tell the api that the user is already authenticated, maybe with a secret key? + #3: Jens Staal (staalmannen) (2010-02-24 23:57:09) + I know of a staging authorization server for the kernel (p9auth, + article found at: http://doi.acm.org/10.1145/1400097.1400101) which + apparently (at least on Plan9) deals with these issues (if I have + understood it correctly) in an encrypted way. This staging driver might + be kicked out in .34 due to low activity...which seems a pitty. + According to those smarter than me - this is a really interesting + approach to authorization (which even can make user/root obsolete if + there are private namespaces...but I have very little theoretical + knowledge of this). -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Adrian Schröter (adrianSuSE) Feature #309070, revision 4 - Title: Allow auth + Title: Allow authentification against remote http server Buildservice: Evaluation Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) This is possible for the api by modularizing our login (ldap, db, opensuse-auth) methods. But the auth server would have to be able to authenticate the users password with the novell ldap, we are usually not allowed to do this.Session handling would be needed here to avoid authenticating each request, and should be not much work. For the communication between the webclient and the api we need a secure way to tell the api that the user is already authenticated, maybe with a secret key? #3: Jens Staal (staalmannen) (2010-02-24 23:57:09) I know of a staging authorization server for the kernel (p9auth, article found at: http://doi.acm.org/10.1145/1400097.1400101) which apparently (at least on Plan9) deals with these issues (if I have understood it correctly) in an encrypted way. This staging driver might be kicked out in .34 due to low activity...which seems a pitty. According to those smarter than me - this is a really interesting approach to authorization (which even can make user/root obsolete if there are private namespaces...but I have very little theoretical knowledge of this). -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Adrian Schröter (adrianSuSE) Feature #309070, revision 5 Title: Allow authentification against remote http server Buildservice: Evaluation Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) Developer: (Novell) Developer: (Novell) Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) This is possible for the api by modularizing our login (ldap, db, opensuse-auth) methods. But the auth server would have to be able to authenticate the users password with the novell ldap, we are usually not allowed to do this.Session handling would be needed here to avoid authenticating each request, and should be not much work. For the communication between the webclient and the api we need a secure way to tell the api that the user is already authenticated, maybe with a secret key? - #3: Jens Staal (staalmannen) (2010-02-24 23:57:09) I know of a staging authorization server for the kernel (p9auth, article found at: http://doi.acm.org/10.1145/1400097.1400101) which apparently (at least on Plan9) deals with these issues (if I have understood it correctly) in an encrypted way. This staging driver might be kicked out in .34 due to low activity...which seems a pitty. According to those smarter than me - this is a really interesting approach to authorization (which even can make user/root obsolete if there are private namespaces...but I have very little theoretical knowledge of this). + #4: Adrian Schröter (adriansuse) (2010-05-19 15:02:06) + Not for 2.0 anymore, moving to 2.5. -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Adrian Schröter (adrianSuSE) Feature #309070, revision 6 Title: Allow authentification against remote http server Buildservice: Evaluation by engineering manager - Milestone: 2.5 Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) Partner organization: openSUSE.org Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) This is possible for the api by modularizing our login (ldap, db, opensuse-auth) methods. But the auth server would have to be able to authenticate the users password with the novell ldap, we are usually not allowed to do this.Session handling would be needed here to avoid authenticating each request, and should be not much work. For the communication between the webclient and the api we need a secure way to tell the api that the user is already authenticated, maybe with a secret key? #3: Jens Staal (staalmannen) (2010-02-24 23:57:09) I know of a staging authorization server for the kernel (p9auth, article found at: http://doi.acm.org/10.1145/1400097.1400101) which apparently (at least on Plan9) deals with these issues (if I have understood it correctly) in an encrypted way. This staging driver might be kicked out in .34 due to low activity...which seems a pitty. According to those smarter than me - this is a really interesting approach to authorization (which even can make user/root obsolete if there are private namespaces...but I have very little theoretical knowledge of this). #4: Adrian Schröter (adriansuse) (2010-05-19 15:02:06) Not for 2.0 anymore, moving to 2.5. -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Thomas Schmidt (digitaltomm) Feature #309070, revision 7 Title: Allow authentification against remote http server Buildservice: Evaluation by engineering manager Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) + Engineering Manager: Charles Gardner (cgardner) Partner organization: openSUSE.org Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) This is possible for the api by modularizing our login (ldap, db, opensuse-auth) methods. But the auth server would have to be able to authenticate the users password with the novell ldap, we are usually not allowed to do this.Session handling would be needed here to avoid authenticating each request, and should be not much work. For the communication between the webclient and the api we need a secure way to tell the api that the user is already authenticated, maybe with a secret key? #3: Jens Staal (staalmannen) (2010-02-24 23:57:09) I know of a staging authorization server for the kernel (p9auth, article found at: http://doi.acm.org/10.1145/1400097.1400101) which apparently (at least on Plan9) deals with these issues (if I have understood it correctly) in an encrypted way. This staging driver might be kicked out in .34 due to low activity...which seems a pitty. According to those smarter than me - this is a really interesting approach to authorization (which even can make user/root obsolete if there are private namespaces...but I have very little theoretical knowledge of this). #4: Adrian Schröter (adriansuse) (2010-05-19 15:02:06) Not for 2.0 anymore, moving to 2.5. -- openSUSE Feature: https://features.opensuse.org/309070
Feature changed by: Thomas Schmidt (digitaltomm) Feature #309070, revision 8 Title: Allow authentification against remote http server Buildservice: Evaluation by engineering manager Priority Requester: Important Projectmanager: Desirable Requested by: Adrian Schröter (adriansuse) - Engineering Manager: Charles Gardner (cgardner) Partner organization: openSUSE.org Description: Implement authentification plugin for api which allows authentification against remote http web server. This may need changes in session handling. We want to use this plugin and setup for opensuse.org and connect api.o. o and build.o.o directly to internet without iChain proxy. Discussion: #1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04) Tom, we need your expertise here, what is possible with rails and what makes sense. #2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1) This is possible for the api by modularizing our login (ldap, db, opensuse-auth) methods. But the auth server would have to be able to authenticate the users password with the novell ldap, we are usually not allowed to do this.Session handling would be needed here to avoid authenticating each request, and should be not much work. For the communication between the webclient and the api we need a secure way to tell the api that the user is already authenticated, maybe with a secret key? #3: Jens Staal (staalmannen) (2010-02-24 23:57:09) I know of a staging authorization server for the kernel (p9auth, article found at: http://doi.acm.org/10.1145/1400097.1400101) which apparently (at least on Plan9) deals with these issues (if I have understood it correctly) in an encrypted way. This staging driver might be kicked out in .34 due to low activity...which seems a pitty. According to those smarter than me - this is a really interesting approach to authorization (which even can make user/root obsolete if there are private namespaces...but I have very little theoretical knowledge of this). #4: Adrian Schröter (adriansuse) (2010-05-19 15:02:06) Not for 2.0 anymore, moving to 2.5. -- openSUSE Feature: https://features.opensuse.org/309070
participants (1)
-
fate_noreply@suse.de