Status of OpenID Consumer in Bugzilla

Rob Lanphier robla at
Thu Jun 30 20:37:36 PDT 2005

Hi folks,

I've made some pretty good progress on OpenID.  Nothing ready to
release, but the actual authentication part is done.  It just doesn't
bother to check the database yet.

I'm trying to decide how many shortcuts I take to get this to work.  In
particular, here's the list of questions I have:
*  Where should the OpenID URI be stored?
*  Should user log in using email or by OpenID?
*  Should email verification process still occur?
*  Should a confirm hash style verification (ala Mailman or GForge) be
created, as opposed to mailing a password to the user?
*  How should createaccount.cgi modification be done?

Here's where I've listed my answers to the questions:

I'd like some other opinions on this, as well.  Since I'm not personally
going to be running this in production (I'm just doing this to learn how
OpenID and BZ work), it'd be good to hear from someone who will be
running in production.


More information about the yadis mailing list