Blog Documentation Book a Demo

distributed authentication for vanilla

nathannathan
edited August 2005 in Vanilla 1.0 Help
Here is something I would love to see implemented. For those who may not know, i will TRY and explain what distributed authentication is. One CENTRAL database holds ALL the available user name and password pairs and the corresponding site the pair came from. This would then enable a user from mysite.com to sign in to lussumo.com/community/ with the following user name: nathan@mysite.com and password: foo. I wish everyone did this. I don't really want to sign up for every forum I want to participate in. Individual sites would then be able to restrict users over the distributed network (disallow their sign in, assign a temporary role etc.) What do you think?

Comments

  • nathannathan
    in case I was not clear, because the attachment @mysite.com is added to the username, it is impossible for their to be duplicate user entries for the distributed authentication system.
  • FLCFLC New
    that sounds like trouble waiting to happen...
  • ithcyithcy New
    are you talking about something like radius?
  • nathannathan
    I have not heard of radius, but I have seen it in action, and it is not trouble. Drupal offers the same service (drupal.org hosts the name server). It is VERY secure, and any vulnerabilities would have been found by the community already. I really like this simple software, so this feature would again be an extension.
  • FLCFLC New
    didnt drupal recently go down for a few days? I'd guess that would cause wide spread panic
  • MarkMark Vanilla Staff
    Neat idea! *works on documentation*
  • nathannathan
    drupal did go down, indeed for a few days, but that was a hardware issue. Nothing to do with the software.
  • FLCFLC New
    i never said it was a software thing, but when things are centralised like that, all it takes is the main server to go down to cause a lot of problems for a lot of people
  • lechlech
    edited July 2005
    lol, Mark, I think it's time you make a sticky post that says "no more suggestions, bugs only!" or something. haha, with the releases this weekend this place has turned into a madhouse again. Not that it's a bad thing though. Otherwise make a "Vanilla Suggestions" forum. I'd be more than happy to help sub-admin and manage crap seeing as I'm popping on here a couple times through the day.
  • nathannathan
    edited July 2005
    I see your point. That would be a problem, but if properly managed (with a backup on a different server), it has the potential to make life much easier for cross site membership. It really depends on how many people use Vanilla. I can see it taking off :)
  • lechlech
    It's a neat idea, however it could be more trouble than what it's worth. Figure you have a version of Vanilla running closed off to the world while another open. Some really explicit rules would need to be crafted to run the entire schema as well as some kind of scheduling to change passwords and things like that. I'm not trying to shoot it down, no, not at all. By it's description though, it reminds me of the way older amiga cNet BBS's shared messages across different boards before there was "the internet". That and the way some still run and interlink and conference a single chatroom across 2 or more systems like irc. I don't think it's really a matter of making it global by default. But rather giving 2 admins the options to share certain select forums on their installation of vanilla. That way only those two boards can talk to each other. Otherwise it would make discussion near impossible with 300+ other boards participating at the same time.
  • nathannathan
    careful use cron could trigger/handle all of the password and username changes. I see your point with permissions accross different boards however. A role could be created for all authenticated logins, which each board would control. But... as I am beginning to see, it would add complexity to the forum software, and we don't want that. It would be an extension, so only users who wanted it would get it. I proposed the idea, and I would love to see it implemented, but I think all points raised are valid, and not all are FULLY supportive.
  • lechlech
    Yeah, I think the last thing I would want is an admin from another board globaly wiping users/account/threads on my board So with that in mind, you're going to need to prethink of all the things one can do, should do, and shouldn't be able to do all around and locally. However I do like the idea of having a selected thread/forum being shared across selected vanilla installations. Or some type of inter-domain messaging that acts as a form of email on a secure level. But keeping it all simple to install, setup and run would be the key features.
  • MarkMark Vanilla Staff
    I think there's room in Vanilla for whatever people might want to do with it. I might get a hankering one day to write a "Dunce Cap" extension that places a dunce-cap on-top of everyone's icon. Might not be the most popular extension, but one that I would certainly use from time to time :) The point being, I think that this is a pretty cool extension idea - not one that I plan on using per-say, but a cool idea nonetheless. I say go for it! I'm sure there are people out there who would want to use it. Speaking of which, I wrote a huge chunk of the "developer" documentation tonight. I'm not making it live until I've got a few more sections finished. Hopefully within a few days. But I do have a bunch of work to do over the next couple of days that is not Vanilla related. Which reminds me, that's a good idea about suggestions, lech. I'll create a few more categories so this stuff doesn't just slip through the random heap :)
  • jonezyjonezy New
    sounds very similar to ms's passport... sounds like a job for web services!
  • vinayvinay
    Something like this already exists. More along the lines of typekey (see typekey.com). Well, kind of. Typekey is a single point of entry, but it doesn't guarantee registration for all vanilla installations unless that's the only way to register. What I would love to see is a way to change the authentication for vanilla based on TypeKey. That way, I can have typekey deployed across the board. I would have typekey based registration for comments on my blog. I would have typekey based viewing of posts on the blog. I'm working on a photo browser/comment holder by kind of melding together filebrowser and an older project of mine which I'd used for commenting on my photos, and allow commenting all files. I'm planning on deploying typekey in this system as well. Since it already exists and is already in wide use, why not try to hook into that! Yeah Mark, Documentation would help a lot! Well us to write the extensions and you so you didn't :). Thanks, -Vinay
  • jsandersjsanders
    http://www.danga.com/openid/
This discussion has been closed.