MusicBrainz Summit/11/Session Notes

From MusicBrainz Wiki
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Attendees

Please add yourself if you attended.
  • Kuno Woudt (warp)
  • Pavan Chander (navap)
  • Rob Kaye (ruaok)
  • Nikki
  • Oliver Charles (ocharles)
  • Jamie McDonald (jdamcd)
  • Nicolás Tamargo (reosarevok)
  • Dave Evans (djce)

Overview

Thursday (Oct 13)

  1. warp, navap, ruaok, nikki, ocharles arrived
  2. Food was bought
  3. reosarevok was nearly dissed

Friday (Oct 14)

  • jdamcd.... and everyone else arrived
  • Pushed hotfix for weekly release

Single sign on & password security

Goals

  • Not storing plaintext passwords
  • Not having knowable (i.e. reversible) passwords
  • Not transmitting passwords in the clear
  • Single sign on

Questions

  • What specific password issues are we trying to solve?

Discussed proposals

  • Implement OpenID
  • Using digest authentication (still requires storing and transferring the clear text password)
  • Using SSL (requires updating web service libraries)
  • Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration)

Conclusion: Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible.

Retrieved from "https://wiki.musicbrainz.org/index.php?title=MusicBrainz_Summit/11/Session_Notes&oldid=48576"