(updates persona notes)
(Updated current status of Persona in the contexts of Mozilla and Sudo Room.)
(5 intermediate revisions by one other user not shown)
In terms of practical usage for Sudo Room, there are enough [https://developer.mozilla.org/en-US/Persona/Libraries_and_plugins libraries and plugins] available to integrate Persona with many different applications and environments. This [https://hacks.mozilla.org/2013/04/mozilla-persona-for-the-non-web/ blog post from 2013] explains more about how these libraries can be used.
In 2014, Mozilla transitioned Persona to community ownership. In January 2016, they announced plans to decommission the Mozilla-operated Persona infrastructure in November 2016. In September 2016, Sudo Room [https://github.com/sudoroom/sudo-infrastructure/issues/2 dropped Persona login support].
BrowserID is still an open standard, and it would still be possible for us to set up an IdP, but this would be a significant undertaking.
==Use Case==
Our hackerspace community has an opportunity to support an environment for creative expression and new, elegant services. We have basic infrastructure including a WordPress website (with blog and shared calendar system), this MediaWiki wiki, a membership application (in the works), and an issue tracker (next on deck). However, a limitation to running 2 or ''n'' services is managing more than one user account. Hackerspaces commonly write manual hacks to shim user account generation and to propagate password updates across multiple systems. These solutions are a pain and very unstable. Persona offers a viable alternative, so at the very least we can use the same shim in each system.
'''We want to create an environment where members are encouraged to create lots of new apps, rather than bottlenecking on centralized/monolithic apps. With Persona, these apps may have a lower barrier to entry since existing users can authenticate without registration.'''
==Identity Provider (IdP)==
* Quick-and-dirty Identity Provider (IdP) implementation http://kamituel.tumblr.com/post/47604831876/mozilla-persona-implementing-idp
* Option to hack a Single-Sign-On (SSO) service by implementing parent domain cookie with shared session store, or instead at least have consistent identity management across applications: https://stackoverflow.com/questions/16010168/using-mozilla-persona-auth-for-single-sign-on#comment22898509_16026019
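The parent-domain cookie with shared session store option from the list above, as an added example (not code from Sudo Room, Persona, or the linked answer). The domain <code>example.org</code>, the cookie name and the in-memory dict standing in for the shared store are assumptions. Because the cookie is scoped to the parent domain, every host under that domain receives it and must be trusted with it.

```python
import secrets
import time
from http.cookies import SimpleCookie

PARENT_DOMAIN = "example.org"  # assumption: placeholder parent domain
COOKIE_NAME = "sso_session"    # hypothetical cookie name
SESSION_TTL = 3600             # session lifetime in seconds (assumption)
SHARED_STORE = {}  # stand-in for a store every app can reach (DB, cache)

def login(email, now=None):
    """Run by the one service that verified the email; returns a Set-Cookie value."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # random ID; identity stays server-side
    SHARED_STORE[sid] = {"email": email, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    morsel = cookie[COOKIE_NAME]
    morsel["domain"] = PARENT_DOMAIN  # sent to every host under the parent domain
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL
    morsel["secure"] = True       # HTTPS only
    morsel["httponly"] = True     # not readable from page scripts
    morsel["samesite"] = "Lax"
    return morsel.OutputString()

def _session_id(cookie_header):
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    return morsel.value if morsel is not None else None

def current_user(cookie_header, now=None):
    """Run by any app on a subdomain: Cookie request header -> email or None."""
    now = time.time() if now is None else now
    sid = _session_id(cookie_header)
    session = SHARED_STORE.get(sid) if sid else None
    if session is None:
        return None
    if session["expires"] <= now:
        SHARED_STORE.pop(sid, None)  # drop expired sessions server-side
        return None
    return session["email"]

def logout(cookie_header):
    """Deleting the shared record signs the user out of every app at once."""
    return SHARED_STORE.pop(_session_id(cookie_header), None) is not None
```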
==Verification==
Interestingly, there's a drop-in Apache module for Persona-based auth:
* https://github.com/mozilla/mod_authnz_persona
===SeltzerCRM===
====Persona Auth Module====
First-pass (not tested, development version, probably broken): https://github.com/sudoroom/seltzer/tree/persona_auth
A dead-simple verification plugin that allows users to authenticate using an email address via Persona. It uses the MIT-licensed verification library [https://github.com/fmarier/auth-browserid Auth-BrowserID] and is based on SeltzerCRM's [https://github.com/elplatt/seltzer/blob/master/crm/modules/user/user.inc.php User Module]; both are dependencies.