[Identity-dev] Re: [mashup-dev] Self registration process for mashups.org

Ruchith Fernando ruchith at wso2.com
Thu Oct 18 00:19:19 PDT 2007 

Hi Dumindu,

Yep. Allowing users to associate their personal/managed cards with their
user account would be a better approach for the mashups community site.

Mashup folks will have to improve their user store slightly to
accommodate this change where it will be able to hold the ppid value and
signature information of the received tokens. When a users tries to
login with a token, ppid and sig info received at in that request can be
cross checked against the stored information to authenticate the user.

Thanks,
Ruchith

Dumindu Pallewela wrote:
>> It certainly is very easy ;-)
>>
>> Now since mashups.org is going to be a public site and we will allow any
>> user to register, we can allow users to register with self issued
>> information cards.
>>
>> In the case where the user registers with an information card the "user
>> name" for mashups.org will be a site specific identifier associated with
>> the self issued card. In addition to this site specific identifier we
>> can request the users to use a card that provides email, first name,
>> last name etc.
>>
> 
> Using the site specific identifier (PPID) as the username doesn't
> sound right to me. It may result in a few complexities.
> 
> * User won't be able to login using two different computers.
> * If he wants to login using some other means he has to create a new
> account. You don't want to type gibberish (PPID) as your username :)
> 
> In addition, can we allow users registered with a user name/password
> to use information cards? If we can to do that do we *have* to issue
> managed cards? I think we don't... how about allowing user to
> *attach* a personal cards to his account? Then if somebody wants, he
> can use two (or more) different personal cards in different
> computers to login (to the same account).
> 
> Regards,
> Dumindu
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Identity-dev mailing list
> Identity-dev at wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/identity-dev


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://wso2.org/pipermail/mashup-dev/attachments/20071018/50c6aeec/signature-0005.pgp

More information about the Mashup-dev mailing list