On Mon, 2008-05-26 at 20:11 -0500, Mike McGrath wrote: > On Mon, 26 May 2008, Karsten 'quaid' Wade wrote: > > > Just doing some thinking ... > > > > If we want to move our OpenID acceptance outside of Fedora's OpenID > > server, we'll have a blocker with the CLA. AIUI, we need someone to > > knowingly accept the CLA and have that tied to a Real Name and email > > address in our database. Right? > > > > Correct. > > > However, OpenID could be a good way to get permissions to Talk: pages. > > That is a great way to get feedback from drive-bys, the kind of people > > who might take advantage of an OpenID to make a minor change on a > > page. > > > > <nod> I looked briefly into this but haven't totally come to a solution > yet. > > > Content in Talk: could be treated procedurally as we do bug reports. > > Maybe we can have a WikiLicense type of thing (FedoraProject:Copyrights > > link enough?) for that? Either way, Talk: could be a discussion area, > > cf. mailing lists and bugzilla, that may produce content. If someone > > gives specific wording and we want to use it, and now or later modify > > it, redistribute it, etc., it needs to be under the CLA and site > > license. This is comparable to receiving a patch via bugzilla where the > > contributor should include licensing text. > > > > Yeah, this is both a question for legal and a question to see what is > technically feasible. OpenID is great, but once again the CLA continues > to be the biggest blocker to growing our contributor base. > > -Mike It is my understanding that OpenID isn't about giving people unfettered access. It is about not having to type your information and remember passwords for 100 different sites. The idea behind federation is you can allow access from certain OpenID domains to specific resources (FAS still decides what gets served up) and you can also federate a Fedora user account with an OpenID account. For more sensitive operations you can still require the user type in their Fedora password or have a certificate. http://www.gnucitizen.org/blog/openid-a-security-story/ lists some OpenID concerns (a lot of which we prevent by using https). This issue is more than just an OpenID issue. In fact you can take OpenID out of the equation to ask, how do we allow people to join when the CLA is our biggest blocker. I think the correct answer here is the one being looked at which is to allow things like posting comments, bugs and setting up a user presence within Fedora should all be allowed without the CLA (bugs are already allowed this way). For all other things, as people want to do more the CLA is then presented as the next step. Putting OpenID back into the equation doesn't really change much other than a discussion on what level do we just accept OpenID and on what level do we make them federate with a Fedora account. Concentrating on the CLA bottleneck would make everything else possible. We have concluded that it is a necessity but I hope that doesn't mean we don't have any wiggle room. -- John (J5) Palmieri <johnp@xxxxxxxxxx> _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list