MusicBrainz Summit/11/Session Notes
From MusicBrainz Wiki
Attendees
- Please add yourself if you attended.
- Kuno Woudt (warp)
- Pavan Chander (navap)
- Rob Kaye (ruaok)
- Nikki
- Oliver Charles (ocharles)
- Jamie McDonald (jdamcd)
- Nicolás Tamargo (reosarevok)
- Dave Evans (djce)
Overview
Thursday (Oct 13)
- warp, navap, ruaok, nikki, ocharles arrived
- Food was bought
- reosarevok was nearly dissed
Friday (Oct 14)
- jdamcd.... and everyone else arrived
- Pushed hotfix for weekly release
Single sign on & password security
Goals
- Not storing plaintext passwords
- Not having knowable (i.e. reversible) passwords
- Not transmitting passwords in the clear
- Single sign on
Questions
- What specific password issues are we trying to solve?
Discussed proposals
- Implement OpenID
- Using digest authentication (still requires storing and transferring the clear text password)
- Using SSL (requires updating web service libraries)
- Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration)
Conclusion: Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible.