ideas:phpnetauth

PHP Authentication System

The PHP Authentication system has served us well but is archaic and requires a rewrite.

How this might work - OpenID

Have php.net become an OpenID identity server. And for example, someone may use any OpenID identity to submit a bug report, add a user comment to the PHP manual, manage my.php, etc. And the php.net identity is required for certain tasks like SVN commits and mirror/user management via master. Basically, anything using a login today.

Activities that use authentication today

  • Dealing with bugs. Some bug activities require @php.net accounts.
  • Editing wiki pages
  • Managing accounts, adding/editing (also for pear and pecl)
  • Managing events (cal.php)
  • Managing mirrors
  • Managing user notes
  • User pages at pecl.php.net and pear.php.net
  • Activities at doc.php.net
  • Some people.php.net information (future)

Notes

  • Consider doing this before changing version control systems (from CVS to SVN)
  • Consider binding VCS access control on a per-user basis (eliminating the avail file)
  • RIP Magical Cookie, and thanks for all the memories
  • Consider a fallback system for those who prefer separate logins to each site. This suggests a new auth backend that OpenID can be plugged into.

Status

  • All content within this idea is up for discussion
  • It's a desired feature, so find well suited humans to create it in 2009
  • The 2009 php.net redesign efforts are prepared to discuss this idea

Progress

Brain Storming.

ideas/phpnetauth.txt · Last modified: 2011/04/06 12:59 (external edit)