Labs/Bespin/DesignDocs/OpenIDIntegration
OpenID Integration document
Note: Work in progress (this document isn't complete yet).
Feature details
What's OpenID?
"OpenID is a free and easy way to use a single digital identity across the Internet."
For more information: http://openid.net/what/
To get one: http://openid.net/get/
Why OpenID?
- It's an open standard
- It's secure
- For companies, it can be used in a closed environment with a server running an OpenID service (many are available)
- A single ID for all websites supporting OpenID (the number keeps growing)
- It adheres to Bespin's mindset: using new ideas/technologies
How does it work?
Account registration
- You first need to get an OpenID/OpenID provider ID: http://openid.net/get/ (and you probably already have one)
- Once that's done, you fill in the information (if any), and we create/register your account associated with your user ID
Login
When you come back to the web application, you:
- Click a sign-in link/button
- Choose a listed provider or enter your own OpenID provider
- Are automatically redirected to your provider to confirm that you want to log in (this step can be minimized if a popup window in an overlay shows the provider website)
- Get back to your web server, and voilà!
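An added example, not Bespin's code and not the JanRain library's API: the checks a relying party applies to the provider's response in the last login step, following OpenID Authentication 2.0 (return_to match, required signed fields, HMAC signature, nonce freshness and replay). It assumes an HMAC-SHA256 association whose MAC key has already been looked up and an exact-match return_to; all hostnames and values are constructed, and discovery verification of the claimed_id is not covered.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone

RETURN_TO = "https://bespin.example/openid/return"  # constructed URL
# Fields a login assertion must cover with its signature (OpenID 2.0, section 10.1).
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

def sign(mac_key, fields, params):
    """Base64 HMAC-SHA256 over the key-value form (one "key:value" line per signed field)."""
    kv = "".join(f"{k}:{params['openid.' + k]}\n" for k in fields)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(params, mac_key, expected_return_to, seen_nonces, now, max_skew=300):
    """Return the claimed_id if the assertion checks out, else raise ValueError."""
    if params.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    if params.get("openid.return_to") != expected_return_to:
        raise ValueError("return_to mismatch")
    fields = params.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED <= set(fields) or any("openid." + k not in params for k in fields):
        raise ValueError("required field missing or unsigned")
    expected = sign(mac_key, fields, params)
    if not hmac.compare_digest(expected.encode(), params.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    # response_nonce = UTC timestamp (20 chars) + unique suffix; reject stale or reused ones.
    nonce = params["openid.response_nonce"]
    issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if abs((now - issued).total_seconds()) > max_skew:
        raise ValueError("stale nonce")
    if (params["openid.op_endpoint"], nonce) in seen_nonces:
        raise ValueError("replayed nonce")
    seen_nonces.add((params["openid.op_endpoint"], nonce))
    return params["openid.claimed_id"]

def sample_assertion(mac_key):
    """Constructed sample of what a provider would send back (all values invented)."""
    p = {"openid.mode": "id_res", "openid.assoc_handle": "h1",
         "openid.op_endpoint": "https://op.example/auth",
         "openid.claimed_id": "https://alice.example/",
         "openid.identity": "https://alice.example/",
         "openid.return_to": RETURN_TO,
         "openid.response_nonce": "2009-06-01T12:00:00Zabc123"}
    p["openid.signed"] = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"
    p["openid.sig"] = sign(mac_key, p["openid.signed"].split(","), p)
    return p

if __name__ == "__main__":
    key, now = b"constructed-mac-key", datetime(2009, 6, 1, 12, 1, tzinfo=timezone.utc)
    print(verify_assertion(sample_assertion(key), key, RETURN_TO, set(), now))
```

In a deployment, `seen_nonces` would be a shared store with expiry rather than an in-memory set, so replay protection holds across processes.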
How to reduce the number of steps?
The following points will be studied:
- Avoid redirection to another website by popping up an overlay window with the embedded OpenID provider website
- Follow the OpenID best practices
- See how Mozilla Weave can help in the process (by following the naming convention of openID login form)
- More to come ...
Full switch to OpenID for Bespin?
Because a complete switch is a radical change, we will see how it evolves. Our goal is to switch to OpenID, but the transition has to be as frustration-free as possible (seamless). For now, it has been decided to:
- keep the existing username/password functionality
- add OpenID support
- offer to migrate the user account to OpenID
- measure how people use it (and see how it goes for future adjustments, and eventually a full switch)
Good OpenID integration
http://stackoverflow.com/users/login
http://ficly.com/authors/new => :o) :o) :o)
- Lists all supported/most popular OpenID providers
- Gives users the option to sign up/log in using their own OpenID (if not listed)
- There are alternatives to OpenID itself (Google, Yahoo, AOL, etc.)
- There is some information about OpenID
Unintuitive OpenID integration
Note: Unintuitive compared to the OpenID good practice guide
Screenshots:
http://bitbucket.org/account/signup
http://getsatisfaction.com/session/new
- No OpenID explanation (there must be some information briefly explaining what OpenID is, its advantages, etc.). It's very important to add this information, because OpenID is not that well known among common/new users
- Nowhere does it state that you must create an OpenID and then add/link other accounts to your OpenID account (http://yourname.openid.org, http://twitter.com/yourname, etc.) on their website
- No popular provider listing (helpful for those who want to log in via a provider they know)
Requirements
Back End
Available OpenID Python libraries
JanRain's Python OpenID library is available at http://openidenabled.com/python-openid/
Tables mapping
Bespin's Python code already uses SQLAlchemy, so we aim to use it to map the tables to useful Python objects.
TODO: describe the user/auth tables mappings here.
Front End
Login Page
N/A
Sources
- http://wiki.openid.net/Details-of-UX-Best-Practices-for-OPs
- http://wiki.openid.net/Details-of-UX-Best-Practices-for-RPs
- http://wiki.openid.net/OpenID-OAuth-for-the-browser
- http://wiki.openid.net/User-Experience-loose-ends
- http://code.google.com/intl/fr/apis/accounts/docs/OpenID.html
- http://openid.net/specs/openid-attribute-exchange-1_0.html
- http://wiki.openid.net/f/openid_ui_extension_draft01.html
- http://openid.net/specs/openid-authentication-2_0.html
- http://code.google.com/p/step2/
- http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html
- http://oauth.net/code
Roadmap
N/A