PHP Authentication System
The PHP Authentication system has served us well but is archaic and requires a rewrite.
How this might work - OpenID
Have php.net become an OpenID identity server. And for example, someone may use any OpenID identity to submit a bug report, add a user comment to the PHP manual, manage my.php, etc. And the php.net identity is required for certain tasks like SVN commits and mirror/user management via master. Basically, anything using a login today.
Activities that use authentication today
- Dealing with bugs. Some bug activities require @php.net accounts.
- Editing wiki pages
- Managing accounts, adding/editing (also for pear and pecl)
- Managing events (cal.php)
- Managing mirrors
- Managing user notes
- User pages at pecl.php.net and pear.php.net
- Activities at doc.php.net
- Some people.php.net information (future)
- Consider doing this before changing version control systems (from CVS to SVN)
- Consider binding VCS access control on a per-user basis (eliminating the avail file)
- RIP Magical Cookie, and thanks for all the memories
- Consider a fallback system for those who prefer separate logins to each site. This suggests a new auth backend that OpenID can be plugged into.
- All content within this idea is up for discussion
- It's a desired feature, so find well suited humans to create it in 2009
- The 2009 php.net redesign efforts are prepared to discuss this idea