launchpad-dev team mailing list archive

[Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>]

The Launchpad user registration/login/reset has been broken for many
months. As a subscriber to all launchpad bugs and questions, I can see
there is a problem, but as a person who works with the Launchpad
Registry team, I feel powerless to fix this. I think this sense of
confusion is common for all the users and developers of Launchpad. Can
the people with some knowledge take some time to elaborate and correct
our common understanding of what is wrong and what can be done to fix
it.

The crux of the problem is that Launchpad does not manage identity and
credentials. Launchpad does not know who you (the person reading this)
is, nor does it want to. Launchpad relies on Ubuntu's Single Sign On
service to tell it which Launchpad profile you are at the moment.

I think login.launchpad.net is part of the problem. It misleads users to
think Launchpad is managing user credentials. This site is really Ubuntu
SSO.


What Happens When You Login
---------------------------

Here is a summary of the 3 parts that are in play when you login:
Site:    Ubuntu-SSO  ->  Lp-internals   -> Lp-mainsite
Team:    ISD-hackers     Lp-foundations    Lp-registry
Domain:  user            authentication    person (profile)
Analogy: driver          requisitioning    car

Users register with SSO. User can login to many sites. When you login to
Lp, the site asks SSO who you are. Lp uses the identity information from
SSO to select 1 of the 1 million modeled persons be your profile. Your
profile's id and or your email address are used to select the profile
you will become.


Mismatched Identities
---------------------

This implies that SSO and Launchpad need the same email address
information to consistently select the profile to match the credentials
you provided, but that is not going to happen, *ever*.

While Launchpad discourages users from having multiple profiles, many
chose to. Many users do not know they many profiles because Lp created
them from imported email addresses. It can be a lot of work try to get
Launchpad to know all your email addresses belong to one profile. You
may also have many identities in Ubuntu SSO. The email addresses between
the SSO identities and Launchpad profile can be mismatched. Try drawing
the lines between the email addresses; it seems like a miracle when you
login and actually get the profile you expect!

One human being
 /           \
SSO           Lp
Identity_1    Profile_1
  email_1       email_1
  email_2       email_3

Identity_2    Profile_2
  email_3       email_2
  email_4

              Profile_3
                email_5 (in wrong state)

/me runs screaming from the room.


User Issues
-----------

      * People report they have not receive a confirmation emails for
        registration or reset. This is usually a spam filter or grey
        list issue that is outside the control of Lp or SSO. But, users
        start asking for help from Lp staff in email and IRC. We forward
        the users to https://forms.canonical.com/lp-login-support/
        eventually. Why eventually? because many engineers are not aware
        that Launchpad is using Ubuntu SSO. I have been asked twice in
        the last 8 weeks to look up logintoken information that cannot
        possibly exist in a Launchpad DB.

      * People report they do not have Lp profiles (Lp ids). Launchpad
        does not know their name or their email address--the user has
        clearly never been to Launchpad. Some users were direct to
        register at login.launchpad.net/+new_account which is not
        Lp...the user never visited Lp and started login.

      * People have asked me to delete their account information. I
        cannot delete Lp profile information, but that is not the real
        issue. The person is not registered with Launchpad, so there is
        nothing that could be deleted

        ! Clearly state that registration/login/reset is SSO

      * I am appalled when I see a user login with a profile with a
        mangled Launchpad Id. "-deactivatedaccount" and "-merged" were
        by deactivation/merging to free the profile namespace and
        provide a visual indication that no one can be this profile. Yet
        that is not so any more. I am also dismayed to read oops reports
        involving users without email addresses (because the address is
        in the wrong state). Launchpad has sane rules to ensure Ids were
        fixed and emails restores when a profile was reactivated via
        login/reset.
        
        ! The act of authentication must guarantee sane ids and
        preferred email address.

      * User report their profile is wrong after they deleted an email
        address in Lp. It have been suggest to never delete email
        addresses, but hide them so that profile matching is not broken.
        I do not want to do this *again*. I just fixed the bugs where
        teams were not deleting email addresses. When I loose control of
        an email addresses, I want it deleted. I do not want someone to
        assume my identity. Maybe we can warn the user if the address
        was used in authentication. Maybe we can add a rule to
        disassociate the address from the profile and start a
        confirmation process to restore it when the user first
        authenticates with it.

      * Users report their profile page is broken...we can see an broken
        openid interaction in an oops. I have not idea what is broken or
        how to fix it I believe some cases were fixed by direct SQL
        manipulation of openid information and email addresses.

        ? Would this be a problem if Launchpad stopped being a proxy for
        SSO? Could Lp removed the XRDS and RP supprt?

-- 
__Curtis C. Hovey_________
http://launchpad.net/

Attachment: signature.asc
Description: This is a digitally signed message part