===== PHP Authentication System ===== The PHP Authentication system has served us well but is archaic and requires a rewrite. ==== How this might work - OpenID ==== Have php.net become an OpenID identity server. And for example, someone may use any OpenID identity to submit a bug report, add a user comment to the PHP manual, manage my.php, etc. And the php.net identity is required for certain tasks like SVN commits and mirror/user management via master. Basically, anything using a login today. ==== Activities that use authentication today ==== * Dealing with bugs. Some bug activities require @php.net accounts. * Editing wiki pages * Managing accounts, adding/editing (also for pear and pecl) * Managing events (cal.php) * Managing mirrors * Managing user notes * User pages at pecl.php.net and pear.php.net * Activities at doc.php.net * Some people.php.net information (future) ==== Notes ==== * Consider doing this before changing version control systems (from CVS to SVN) * Consider binding VCS access control on a per-user basis (eliminating the avail file) * RIP Magical Cookie, and thanks for all the memories * Consider a fallback system for those who prefer separate logins to each site. This suggests a new auth backend that OpenID can be plugged into. ==== Status ==== * All content within this idea is up for discussion * It's a desired feature, so find well suited humans to create it in 2009 * The 2009 php.net redesign efforts are prepared to discuss this idea ==== Progress ==== Brain Storming.