Fedora: OpenId Roadmap
To enable Fedora users and developers to engage with the community, and with each other, in all kinds of ways.
A Brief Introduction to OpenID
OpenID is a dead-simple way to authenticate to multiple websites. It's kind of like an open-source Passport. Some of the high-level ideas:
- Anybody can be an OpenID identity provider (IdP).
- The IdP creates an account for an individual, and that account is valid at any website that accepts OpenID authentication.
- It's not super secure, but much of that depends on the way it's implemented by the parties that use it. We could set a strong example here.
- It's possible for the IdP to provide stronger security mechanisms at those sites that are directly linked to its own users. For example, if user "johnboy" creates an account at fedoraproject.org, we could have much more detailed information about what "johnboy" can do within the Fedora infrastructure (yes for wiki, no for CVS) -- but we could still provide "fedoraproject.org/user/johnboy" as a generic login id that's accepted by all sites that use OpenID.
Opportunities for OpenId and Fedora
- Extension of current Fedora Single Sign On. The infrastructure team is already driving towards SSO across all systems in Fedora-land, based on Fedora Directory Server. Being an OpenID IDP is an obvious next step.
- OpenID for all Fedora users. It should be relatively straightforward to provide the option for all Fedora users to create their own Fedora account during firstboot -- and if Fedora account is also an OpenID account, this creates lots of opportunities.
- Integration with Mugshot. Mugshot is likely to be an OpenID provider as well, which gives us all kinds of interesting opportunities to interact directly with the Mugshot project that we don't currently have. If every Fedora user is also a Mugshot user, and can use some of the cool people-connecting technologies that Mugshot provides... well, it seems like it could be pretty damned cool. Make it dead-simple for an interested user to stalk everything that a particular developer does in the Fedora community, for instance. Every interaction becomes a lot more person-centric, potentially.
- Integration with Bugzilla. As of right now, there are no concrete plans to include Red Hat's bugzilla in the Fedora SSO experience. This is a problem. But the larger Bugzilla problem is that Bugzilla instances don't talk to each other, ever, unless two Bugzilla instances do a whole lot of work to "make it so". OpenID could be a key enabler, allowing any Bugzilla user to report bugs to any Bugzilla instance anywhere.
- Continue with Fedora SSO project. All this stuff is great, but the first thing we need to do is finish the Fedora SSO project and revisit all of this later.
- Work with the Red Hat bugzilla team. There are plans afoot to get Red Hat's bugzilla effort closer to upstream bugzilla. We need to work with them to make sure that OpenID is part of their thinking.