MusicBrainz Summit/11/Session Notes

From MusicBrainz Wiki

< MusicBrainz Summit‎ | 11

Revision as of 08:35, 15 October 2011 by Djce (talk | contribs) (→‎Attendees)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Attendees

Please add yourself if you attended.

Kuno Woudt (warp)
Pavan Chander (navap)
Rob Kaye (ruaok)
Nikki
Oliver Charles (ocharles)
Jamie McDonald (jdamcd)
Nicolás Tamargo (reosarevok)
Dave Evans (djce)

Overview

Thursday (Oct 13)

warp, navap, ruaok, nikki, ocharles arrived
Food was bought
reosarevok was nearly dissed

Friday (Oct 14)

jdamcd.... and everyone else arrived
Pushed hotfix for weekly release

Single sign on & password security

Goals

Not storing plaintext passwords
Not having knowable (i.e. reversible) passwords
Not transmitting passwords in the clear
Single sign on

Questions

What specific password issues are we trying to solve?

Discussed proposals

Implement OpenID
Using digest authentication (still requires storing and transferring the clear text password)
Using SSL (requires updating web service libraries)
Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration)

Conclusion: Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible.

Retrieved from "https://wiki.musicbrainz.org/index.php?title=MusicBrainz_Summit/11/Session_Notes&oldid=48576"

Navigation menu