Difference between revisions of "MusicBrainz Summit/11/Session Notes"

From MusicBrainz Wiki

Revision as of 08:35, 15 October 2011

Attendees

Please add yourself if you attended.
  • Kuno Woudt (warp)
  • Pavan Chander (navap)
  • Rob Kaye (ruaok)
  • Nikki
  • Oliver Charles (ocharles)
  • Jamie McDonald (jdamcd)
  • Nicolás Tamargo (reosarevok)
  • Dave Evans (djce)

Overview

Thursday (Oct 13)

  1. warp, navap, ruaok, nikki, ocharles arrived
  2. Food was bought
  3. reosarevok was nearly dissed

Friday (Oct 14)

  • jdamcd... and everyone else arrived
  • Pushed hotfix for weekly release

Single sign on & password security

Goals

  • Not storing plaintext passwords
  • Not having knowable (i.e. reversible) passwords
  • Not transmitting passwords in the clear
  • Single sign on

Questions

  • What specific password issues are we trying to solve?

Discussed proposals

  • Implement OpenID
  • Using digest authentication (still requires storing and transferring the clear text password)
  • Using SSL (requires updating web service libraries)
  • Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration)

Conclusion: Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible.
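
The storage half of the digest-authentication point above, as an added example that is not part of the original notes: an RFC 2617 digest server can only check a response if it holds the password or the unsalted HA1 hash derived from it, so a salted one-way record cannot be used. The sample credentials and challenge are the ones from the RFC 2617 example; the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """Per-user value a digest server must keep or be able to recompute."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_value, response, **challenge) -> bool:
    """Recompute the digest from the stored value and compare in constant time."""
    expected = digest_response(stored_value, **challenge)
    return hmac.compare_digest(expected, response)

def one_way_record(password: str, salt: bytes) -> str:
    """Salted one-way hash (illustrative parameters), i.e. non-reversible storage."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

# Sample values from the RFC 2617 example exchange.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
CHALLENGE = dict(method="GET", uri="/dir/index.html",
                 nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                 nc="00000001", cnonce="0a4f113b")

def run_demo() -> dict:
    # Client side: knows the password, answers the server's challenge.
    client_response = digest_response(ha1(USER, REALM, PASSWORD), **CHALLENGE)
    # Server side, option A: stores HA1 (derived directly from the password).
    stored_ha1 = ha1(USER, REALM, PASSWORD)
    # Server side, option B: stores only a salted one-way hash (constructed salt).
    stored_kdf = one_way_record(PASSWORD, b"constructed-salt")
    return {
        "response": client_response,
        "verifies_with_ha1": server_verify(stored_ha1, client_response, **CHALLENGE),
        # The protocol needs HA1 itself; a salted record cannot stand in for it.
        "verifies_with_kdf": server_verify(stored_kdf, client_response, **CHALLENGE),
    }

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Because the stored HA1 is the only secret input to the response, it has to be protected like the password itself, which is why digest authentication does not meet the storage goals listed above.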