[SAC] Offering OpenID for OSGeo Users

Christopher Schmidt crschmidt at metacarta.com
Mon Jul 30 08:45:11 EDT 2007

One of the important pieces of the OSGeo infrastructure is the user ID.
It provides the ability for users to log in with the same username and
password at various parts of the OSGeo site infrastructure.

There are now applications being developed by OSGeo users which require
login infrastructure. Thankfully, there is a distributed
login/authentication system: "OpenID: an actually distributed identity
system"[1]. OpenID allows you to enter a URL -- like
http://openid.osgeo.org/crschmidt -- into a form like the login form at
SpatialReference.org[2], to indicate your identity.

In an effort to make it easier to use OSGeo identities in a
distributable way, it would be possible to set up a PHP Standalone
OpenID Server[3] to authenticate against LDAP. You can see what sort of
interface this provides at a sample server I've set up[4].
Log in as crschmidt:test. You can test logging in at
http://spatialreference.org/openid/, using
'http://crschmidt.net/~crschmidt/PHP-server-1.1/src/?user=crschmidt' as
your login.

I started playing with this last night, on geodata.telascience.org
(which can talk to the LDAP server). I think I'm actually pretty close
to getting it working, but I don't have root on the box, and the PHP
settings are to hide all errors, so I'm having a lot of trouble
debugging it. :)  

Steps to getting this to work:
 * Getting the error display for PHP turned on, so that the rest of the
   system can be debugged in its current state. This may involve needing
   root on some machine to install some packages -- I'm not sure yet.
   More importantly, a PHP directory I can write to on some server that
   can talk to LDAP is important.
 * Once the system is up and running, styling the templates to look like
   the OSGeo homepage.
 * Making profile editing links go directly to OSGeo pages, rather than
   having any internal profile information.
 * Cleaning up URLs, so that '/crschmidt' is used instead of
 * Making the 'this is the profile page for' pages have relevant

I think that once that is done, the server would need to be put
someplace it could be at openid.osgeo.org, and documenting that OSGeo
IDs are now OpenIDs.

I'm willing to do all the work here, so long as someone gives me the
information on where I need to be doing the work so that I don't screw
anything up. :)

Looking forward to any thoughts.

[1] http://openid.net/
[2] http://spatialreference.org/openid/
[3] http://www.openidenabled.com/openid/php-standalone-openid-server/
[4] http://crschmidt.net/~crschmidt/PHP-server-1.1/src/
[5] http://geodata.telascience.org/geni/PHP-server-1.1/src/

Christopher Schmidt
