Mercurial > prosody-modules
comparison mod_openid/README.markdown @ 1885:b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 01 Oct 2015 16:58:12 +0200 |
parents | 4d73a1a6ba68 |
children |
comparison
equal
deleted
inserted
replaced
1884:153f063c3d1a | 1885:b42eb10dc7d2 |
---|---|
50 | 50 |
51 The following is a list of the pending tasks which would have to be done | 51 The following is a list of the pending tasks which would have to be done |
52 to make mod\_openid fully featured. They are generally ranked in order | 52 to make mod\_openid fully featured. They are generally ranked in order |
53 of most importance with an estimated degree of difficulty. | 53 of most importance with an estimated degree of difficulty. |
54 | 54 |
55 1. Support Prosody 0.6.x series | 55 1. Support Prosody 0.6.x series (**Medium**) |
56 (<font color='blue'><i>Medium</i></font>) | 56 2. Refactor code (**Medium**) |
57 2. Refactor code (<font color='blue'><i>Medium</i></font>) | |
58 - The code is pretty messy at the moment, it should be refactored | 57 - The code is pretty messy at the moment, it should be refactored |
59 to be more easily understood. | 58 to be more easily understood. |
60 | 59 |
61 3. Disable use of "user@domain" OpenID identifier form | 60 3. Disable use of "user@domain" OpenID identifier form (*Easy*) |
62 (<font color='green'><i>Easy</i></font>) | |
63 - This is a vestigial feature from the early design, allowing | 61 - This is a vestigial feature from the early design, allowing |
64 explicit specification of the JID. However the JID can be | 62 explicit specification of the JID. However the JID can be |
65 inferred from the simpler OpenID identifier form. | 63 inferred from the simpler OpenID identifier form. |
66 | 64 |
67 4. Use a cryptographically secure Pseudo Random Number Generator (PRNG) | 65 4. Use a cryptographically secure Pseudo Random Number Generator (PRNG) |
68 (<font color='blue'><i>Medium</i></font>) | 66 (**Medium**) |
69 - This would likely be accomplished using luacrypto which provides | 67 - This would likely be accomplished using luacrypto which provides |
70 a Lua binding to the OpenSSL PRNG. | 68 a Lua binding to the OpenSSL PRNG. |
71 | 69 |
72 5. Make sure OpenID key-value pairs get signed in the right order | 70 5. Make sure OpenID key-value pairs get signed in the right order |
73 (<font color='red'><i>Hard</i></font>) | 71 (***Hard***) |
74 - It is important that the OpenID key-value responses be signed in | 72 - It is important that the OpenID key-value responses be signed in |
75 the proper order so that the signature can be properly verified | 73 the proper order so that the signature can be properly verified |
76 by the receiving party. This may be complicated by the fact that | 74 by the receiving party. This may be complicated by the fact that |
77 the iterative ordering of keys in a Lua table is not guaranteed | 75 the iterative ordering of keys in a Lua table is not guaranteed |
78 for non-integer keys. | 76 for non-integer keys. |
79 | 77 |
80 6. Do an actual match on the OpenID realm | 78 6. Do an actual match on the OpenID realm (**Medium**) |
81 (<font color='blue'><i>Medium</i></font>) | |
82 - The code currently always returns true for matches against an | 79 - The code currently always returns true for matches against an |
83 OpenID realm, posing a security risk. | 80 OpenID realm, posing a security risk. |
84 | 81 |
85 7. Don't use plain text authentication over HTTP | 82 7. Don't use plain text authentication over HTTP (***Hard***) |
86 (<font color='red'><i>Hard</i></font>) | |
87 - This would require some Javascript to perform a digest. | 83 - This would require some Javascript to perform a digest. |
88 | 84 |
89 8. Return meaningful error responses | 85 8. Return meaningful error responses (**Medium**) |
90 (<font color='blue'><i>Medium</i></font>) | |
91 - Most error responses are an HTTP 404 File Not Found, obviously | 86 - Most error responses are an HTTP 404 File Not Found, obviously |
92 something more meaningful could be returned. | 87 something more meaningful could be returned. |
93 | 88 |
94 9. Enable Association (<font color='red'><i>Hard</i></font>) | 89 9. Enable Association (***Hard***) |
95 - Association is a feature of the OpenID specification which | 90 - Association is a feature of the OpenID specification which |
96 reduces the number of round-trips needed to perform | 91 reduces the number of round-trips needed to perform |
97 authentication. | 92 authentication. |
98 | 93 |
99 10. Support HTTPS (<font color='blue'><i>Medium</i></font>) | 94 10. Support HTTPS (**Medium**) |
100 - With option to only allow authentication through HTTPS | 95 - With option to only allow authentication through HTTPS |
101 | 96 |
102 11. Enable OpenID 1.1 compatibility | 97 11. Enable OpenID 1.1 compatibility (**Medium**) |
103 (<font color='blue'><i>Medium</i></font>) | |
104 - mod\_openid is designed from the OpenID 2.0 specification, which | 98 - mod\_openid is designed from the OpenID 2.0 specification, which |
105 has an OpenID 1.1 compatibility mode. | 99 has an OpenID 1.1 compatibility mode. |
106 | 100 |
107 12. Check specification compliance | 101 12. Check specification compliance (**Medium**) |
108 (<font color='blue'><i>Medium</i></font>) | |
109 - Walk through the code and make sure it complies with the OpenID | 102 - Walk through the code and make sure it complies with the OpenID |
110 specification. Comment code as necessary with the relevant | 103 specification. Comment code as necessary with the relevant |
111 sections in the specification. | 104 sections in the specification. |
112 | 105 |
113 Once all these steps are done, mod\_openid could be considered to have | 106 Once all these steps are done, mod\_openid could be considered to have |
114 reached "beta" status and ready to real world use. The following are | 107 reached "beta" status and ready to real world use. The following are |
115 features that would be nice to have in a stable release: | 108 features that would be nice to have in a stable release: |
116 | 109 |
117 1. Allow users to always trust realms | 110 1. Allow users to always trust realms (***Hard***) |
118 (<font color='red'><i>Hard</i></font>) | 111 2. Allow users to remain logged in with a cookie (***Hard***) |
119 2. Allow users to remain logged in with a cookie | 112 3. Enable simple registration using a user's vCard (**Medium**) |
120 (<font color='red'><i>Hard</i></font>) | 113 4. More useful user identity page (***Hard***) |
121 3. Enable simple registration using a user's vCard | |
122 (<font color='blue'><i>Medium</i></font>) | |
123 4. More useful user identity page | |
124 (<font color='red'><i>Hard</i></font>) | |
125 - Allow users to alter what realms they trust and what simple | 114 - Allow users to alter what realms they trust and what simple |
126 registration information gets sent to relaying parties by | 115 registration information gets sent to relaying parties by |
127 default. | 116 default. |
128 | 117 |
129 5. OpenID Bot (<font color='red'><i>Hard</i></font>) | 118 5. OpenID Bot (***Hard***) |
130 - Offers all functionality of the user identity page management | 119 - Offers all functionality of the user identity page management |
131 | 120 |
132 6. Better designed pages (<font color='green'>Easy</font>) | 121 6. Better designed pages (*Easy*) |
133 - Use semantic XHTML and CSS to allow for custom styling. | 122 - Use semantic XHTML and CSS to allow for custom styling. |
134 - Use the Prosody favicon. | 123 - Use the Prosody favicon. |
135 | 124 |
136 Useful Links | 125 Useful Links |
137 ============ | 126 ============ |