comparison mod_openid/README.markdown @ 1885:b42eb10dc7d2

mod_openid/README: Convert raw HTML to emphasis
author Kim Alvefur <zash@zash.se>
date Thu, 01 Oct 2015 16:58:12 +0200
parents 4d73a1a6ba68
children
comparison
equal deleted inserted replaced
1884:153f063c3d1a 1885:b42eb10dc7d2
50 50
51 The following is a list of the pending tasks which would have to be done 51 The following is a list of the pending tasks which would have to be done
52 to make mod\_openid fully featured. They are generally ranked in order 52 to make mod\_openid fully featured. They are generally ranked in order
53 of most importance with an estimated degree of difficulty. 53 of most importance with an estimated degree of difficulty.
54 54
55 1. Support Prosody 0.6.x series 55 1. Support Prosody 0.6.x series (**Medium**)
56 (<font color='blue'><i>Medium</i></font>) 56 2. Refactor code (**Medium**)
57 2. Refactor code (<font color='blue'><i>Medium</i></font>)
58 - The code is pretty messy at the moment, it should be refactored 57 - The code is pretty messy at the moment, it should be refactored
59 to be more easily understood. 58 to be more easily understood.
60 59
61 3. Disable use of "user@domain" OpenID identifier form 60 3. Disable use of "user@domain" OpenID identifier form (*Easy*)
62 (<font color='green'><i>Easy</i></font>)
63 - This is a vestigial feature from the early design, allowing 61 - This is a vestigial feature from the early design, allowing
64 explicit specification of the JID. However the JID can be 62 explicit specification of the JID. However the JID can be
65 inferred from the simpler OpenID identifier form. 63 inferred from the simpler OpenID identifier form.
66 64
67 4. Use a cryptographically secure Pseudo Random Number Generator (PRNG) 65 4. Use a cryptographically secure Pseudo Random Number Generator (PRNG)
68 (<font color='blue'><i>Medium</i></font>) 66 (**Medium**)
69 - This would likely be accomplished using luacrypto which provides 67 - This would likely be accomplished using luacrypto which provides
70 a Lua binding to the OpenSSL PRNG. 68 a Lua binding to the OpenSSL PRNG.
71 69
72 5. Make sure OpenID key-value pairs get signed in the right order 70 5. Make sure OpenID key-value pairs get signed in the right order
73 (<font color='red'><i>Hard</i></font>) 71 (***Hard***)
74 - It is important that the OpenID key-value responses be signed in 72 - It is important that the OpenID key-value responses be signed in
75 the proper order so that the signature can be properly verified 73 the proper order so that the signature can be properly verified
76 by the receiving party. This may be complicated by the fact that 74 by the receiving party. This may be complicated by the fact that
77 the iterative ordering of keys in a Lua table is not guaranteed 75 the iterative ordering of keys in a Lua table is not guaranteed
78 for non-integer keys. 76 for non-integer keys.
79 77
80 6. Do an actual match on the OpenID realm 78 6. Do an actual match on the OpenID realm (**Medium**)
81 (<font color='blue'><i>Medium</i></font>)
82 - The code currently always returns true for matches against an 79 - The code currently always returns true for matches against an
83 OpenID realm, posing a security risk. 80 OpenID realm, posing a security risk.
84 81
85 7. Don't use plain text authentication over HTTP 82 7. Don't use plain text authentication over HTTP (***Hard***)
86 (<font color='red'><i>Hard</i></font>)
87 - This would require some Javascript to perform a digest. 83 - This would require some Javascript to perform a digest.
88 84
89 8. Return meaningful error responses 85 8. Return meaningful error responses (**Medium**)
90 (<font color='blue'><i>Medium</i></font>)
91 - Most error responses are an HTTP 404 File Not Found, obviously 86 - Most error responses are an HTTP 404 File Not Found, obviously
92 something more meaningful could be returned. 87 something more meaningful could be returned.
93 88
94 9. Enable Association (<font color='red'><i>Hard</i></font>) 89 9. Enable Association (***Hard***)
95 - Association is a feature of the OpenID specification which 90 - Association is a feature of the OpenID specification which
96 reduces the number of round-trips needed to perform 91 reduces the number of round-trips needed to perform
97 authentication. 92 authentication.
98 93
99 10. Support HTTPS (<font color='blue'><i>Medium</i></font>) 94 10. Support HTTPS (**Medium**)
100 - With option to only allow authentication through HTTPS 95 - With option to only allow authentication through HTTPS
101 96
102 11. Enable OpenID 1.1 compatibility 97 11. Enable OpenID 1.1 compatibility (**Medium**)
103 (<font color='blue'><i>Medium</i></font>)
104 - mod\_openid is designed from the OpenID 2.0 specification, which 98 - mod\_openid is designed from the OpenID 2.0 specification, which
105 has an OpenID 1.1 compatibility mode. 99 has an OpenID 1.1 compatibility mode.
106 100
107 12. Check specification compliance 101 12. Check specification compliance (**Medium**)
108 (<font color='blue'><i>Medium</i></font>)
109 - Walk through the code and make sure it complies with the OpenID 102 - Walk through the code and make sure it complies with the OpenID
110 specification. Comment code as necessary with the relevant 103 specification. Comment code as necessary with the relevant
111 sections in the specification. 104 sections in the specification.
112 105
113 Once all these steps are done, mod\_openid could be considered to have 106 Once all these steps are done, mod\_openid could be considered to have
114 reached "beta" status and ready to real world use. The following are 107 reached "beta" status and ready to real world use. The following are
115 features that would be nice to have in a stable release: 108 features that would be nice to have in a stable release:
116 109
117 1. Allow users to always trust realms 110 1. Allow users to always trust realms (***Hard***)
118 (<font color='red'><i>Hard</i></font>) 111 2. Allow users to remain logged in with a cookie (***Hard***)
119 2. Allow users to remain logged in with a cookie 112 3. Enable simple registration using a user's vCard (**Medium**)
120 (<font color='red'><i>Hard</i></font>) 113 4. More useful user identity page (***Hard***)
121 3. Enable simple registration using a user's vCard
122 (<font color='blue'><i>Medium</i></font>)
123 4. More useful user identity page
124 (<font color='red'><i>Hard</i></font>)
125 - Allow users to alter what realms they trust and what simple 114 - Allow users to alter what realms they trust and what simple
126 registration information gets sent to relaying parties by 115 registration information gets sent to relaying parties by
127 default. 116 default.
128 117
129 5. OpenID Bot (<font color='red'><i>Hard</i></font>) 118 5. OpenID Bot (***Hard***)
130 - Offers all functionality of the user identity page management 119 - Offers all functionality of the user identity page management
131 120
132 6. Better designed pages (<font color='green'>Easy</font>) 121 6. Better designed pages (*Easy*)
133 - Use semantic XHTML and CSS to allow for custom styling. 122 - Use semantic XHTML and CSS to allow for custom styling.
134 - Use the Prosody favicon. 123 - Use the Prosody favicon.
135 124
136 Useful Links 125 Useful Links
137 ============ 126 ============