On Thu, 2007-11-08 at 12:54 -0500, Simo Sorce wrote: > On Thu, 2007-11-08 at 09:01 -0700, Richi Plana wrote: > > Certainly an interesting concept, but that would pull us way too far > > into the Internet space (as opposed to local or even private domain > > space). How would an openid user map to Linux in terms of UID? Would a > > uid be assigned on a local machine? On the domain (if the machine the > > person is logging into happens to be a part of a bigger network)? Does > > the OpenID spec have provisions for account authorization and > > information? There are still some UNIX-y things needed by current > > distributions that we have to find solutions for. > > 1. move to 128bit UID/GIDs that are really UUIDs > problem is, most apps wont work, need changes in the kernel, in a > word: > unachievable Not to worry, gentlefolk. I've already had a word with the OpenID Foundation and they've agreed that it is a problem that they'll address with OpenID 2.1. In fact, they've already conferred with IANA and now they're coming up with a scheme for allowing the distributed registration and authentication of OpenID to be given, for each account created, a 128-bit unique IP address that's portable (you can take it with you to a different OpenID Provider). A private space is said to be reserved for use by system resources and daemons. Microsoft has uncharacteristically agreed that the convenience this brings outweighs the usual technical arguments (read: laziness). This was better than their original idea: having UTF-16 encoded OpenID strings as process UIDs w/ BOM. They have agreed to ship a 128-bit UID capable kernel in their next release of Windows entitled "Leghorn". NEC has decided to get on the bandwagon, predicting that banks will soon switch to OpenID, by coming out with ATMs that allow processes to run using this universal ID system. The new ATMs will have Gnome as its graphical environment and users automatically get their preferred settings including background and screensaver if available from the Internet. Oh, and yes, flying pig. Seriously, though, thanks for the various insights. I'll look into the various means by which arbitrary accounts are mapped into local space. -- Richi Plana -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
