MusicBrainz Summit/11/Session Notes: Difference between revisions
From MusicBrainz Wiki
< MusicBrainz Summit | 11
Jump to navigationJump to search
PavanChander (talk | contribs) No edit summary |
|||
Line 1: | Line 1: | ||
While the summit is underway, the session notes will be available at: https://docs.google.com/document/pub?id=1oHAdEjnnVtv8LtcYfRFRBA38D5CnwfPuyeeoJP5hogI |
|||
== Attendees== |
|||
: ''Please add yourself if you attended. |
|||
* Kuno Woudt (warp) |
|||
* Pavan Chander (navap) |
|||
* Rob Kaye (ruaok) |
|||
* Nikki |
|||
* Oliver Charles (ocharles) |
|||
* Jamie McDonald (jdamcd) |
|||
* Nicolás Tamargo (reosarevok) |
|||
* Dave Evans (djce) |
|||
== Overview == |
|||
=== Thursday (Oct 13) === |
|||
# warp, navap, ruaok, nikki, ocharles arrived |
|||
# Food was bought |
|||
# reosarevok was nearly dissed |
|||
=== Friday (Oct 14) === |
|||
* jdamcd.... and everyone else arrived |
|||
* Pushed hotfix for weekly release |
|||
====Single sign on & password security==== |
|||
Goals |
|||
* Not storing plaintext passwords |
|||
* Not having knowable (i.e. reversible) passwords |
|||
* Not transmitting passwords in the clear |
|||
* Single sign on |
|||
Questions |
|||
* What specific password issues are we trying to solve? |
|||
Discussed proposals |
|||
* Implement OpenID |
|||
* Using digest authentication (still requires storing and transferring the clear text password) |
|||
* Using SSL (requires updating web service libraries) |
|||
* Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration) |
|||
'''Conclusion:''' Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible. |
Revision as of 08:07, 16 October 2011
While the summit is underway, the session notes will be available at: https://docs.google.com/document/pub?id=1oHAdEjnnVtv8LtcYfRFRBA38D5CnwfPuyeeoJP5hogI