MusicBrainz Summit/11/Session Notes

From MusicBrainz Wiki
< MusicBrainz Summit‎ | 11
Revision as of 08:35, 15 October 2011 by Djce (talk | contribs) (Attendees)

Attendees

Please add yourself if you attended.
  • Kuno Woudt (warp)
  • Pavan Chander (navap)
  • Rob Kaye (ruaok)
  • Nikki
  • Oliver Charles (ocharles)
  • Jamie McDonald (jdamcd)
  • Nicolás Tamargo (reosarevok)
  • Dave Evans (djce)

Overview

Thursday (Oct 13)

  1. warp, navap, ruaok, nikki, ocharles arrived
  2. Food was bought
  3. reosarevok was nearly dissed

Friday (Oct 14)

  • jdamcd.... and everyone else arrived
  • Pushed hotfix for weekly release

Single sign on & password security

Goals

  • Not storing plaintext passwords
  • Not having knowable (i.e. reversible) passwords
  • Not transmitting passwords in the clear
  • Single sign on

Questions

  • What specific password issues are we trying to solve?

Discussed proposals

  • Implement OpenID
  • Using digest authentication (still requires storing and transferring the clear text password)
  • Using SSL (requires updating web service libraries)
  • Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration)

Conclusion: Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible.