canonical-isd-hackers team mailing list archive

[William Grant <me@xxxxxxxxxxxxxxxxxx>]

On Fri, 2010-09-24 at 00:38 -0400, Elliot Murphy wrote:
> I'm really glad to see this being discussed in detail.
> 
> On Thu, Sep 23, 2010 at 7:18 PM, William Grant <me@xxxxxxxxxxxxxxxxxx> wrote:
> > I think that login.launchpad.net needs to disappear. It is simply too
> > confusing -- everyone has two independent sets of email addresses
> > associated with Launchpad.net.
> >
> > It can't safely be destroyed now (forcing non-Ubuntu LP users to use an
> > Ubuntu-branded SSO site would be foolish), but it seems reasonable to do
> > it once LP becomes a general OpenID provider.
> 
> This might be a dumb question, but why is it a problem if non-Ubuntu
> LP users see an Ubuntu-branded SSO site?

Many projects are concerned that Launchpad is too tied to Ubuntu.
Forcing them through an Ubuntu authentication gateway will probably not
help with that.

> How does LP becoming a
> general OpenID provider help here?

Non-Ubuntu-centric Launchpad users can use their non-Ubuntu-centric
authentication providers.

> > If it can, Launchpad also needs to link back to the provider. There's no
> > way to change one's password from the LP UI, and no hint as to where one
> > must go.
> > I don't think this is what you mean. RP == Relying Party, which is what
> > LP is moving *towards*. Do you mean that LP should stop being an OP
> > (OpenID Provider)? If so, I believe we already have: all that remains is
> > the XRDS on Person:+index, which must remain for compatibility.
> 
> I'm still trying to get up to speed but it seems like earlier in this
> mail you mentioned becoming a general OpenID provider,

Becoming a general OpenID *consumer*, not provider.

> now you mention
> LP already has stopped being an OP?

It no longer serves as a direct OpenID provider, correct.

> I use
> https://launchpad.net/~statik/ to login via openID to various 3rd
> party sites such as stackoverflow.com. Is this going to stop working
> ?(I won't complain if it does, just trying to understand)

That's the XRDS coming into play. If you look at the HTML, you'll see
elements delegating the page's identity to login.launchpad.net.
login.launchpad.net and login.ubuntu.com are real OpenID providers,
while Launchpad just has a couple of tags that delegate.

This XRDS dates from the days when LP was an OpenID provider, and there
was no other URL to use. It could probably be deprecated, perhaps with
newly-created profiles not providing the delegation tags.

> > In summary: fix bug #637968, make LP a general RP, destroy
> > login.launchpad.net.
> 
> This sounds like a good summary, although I would like to understand
> why is making LP a general RP a necessary step?

As above: we don't want to scare more people off LP. Forcing everyone
through somewhere with heavy Ubuntu branding is going to scare more
people off.

William.

Attachment: signature.asc
Description: This is a digitally signed message part