Forum OpenACS Development: Re: RFC: External Authentication

Collapse
Posted by Lars Pind on
Thanks for the feedback.

As for who's online, how is this implemented using Jabber, and does it require Jabber to work? What I had in mind was something simple which just keeps track of what users have requested pages in the past x seconds (typically around 5 minutes), and so must be assumed to be online. Then that could integrate with a real-time messaging service, so that if you click that person's name, a chat session will start.

Changing passwords: This is part of the 'standard' authentication driver. Did you miss it, or are you suggesting that we split it up from the authentication driver and make it it a separate service contract?

As for funding, we're looking into how much we can get done for the money that are currently on the table.

Oscar's comments have already been incorporated into the spec.

/Lars

Collapse
Posted by Malte Sussdorff on
There should be a standalone "who is online" patch somewhere burried in the bug-tracker. Ask Björn Kiesbye about it. It does exactly what you envisioned.

Most likely I missed it, but I did not see how you could change the password on an LDAP server using the OpenACS webfrontend. So no suggestion for splitting it up.

My reason for asking concerning time and what is funded: We need to get LDAP support ready til June. So if you external authentification is ready and supports LDAP as an external source, great. If LDAP as an external source is missing, we can build it. If all is missing, we are applying the same patch we did for ACS 3.5.

Have you thought about linking to other sites with an automatic setting of the authentification cookies of the remote site? Though it does require some development on both systems, it is useful especially if you think about Single Sign On. If interested I can ask Denis to post a working solution (theoretically, as ACS 3.5 code probably doesn't do you good).