Comparison
mod_openid/README.markdown @ 1885:b42eb10dc7d2
mod_openid/README: Convert raw HTML to emphasis
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 01 Oct 2015 16:58:12 +0200 |
| parent | 1803:4d73a1a6ba68 |
| 1884:153f063c3d1a | 1885:b42eb10dc7d2 |
|---|---|
| 50 | 50 |
| 51 The following is a list of the pending tasks which would have to be done | 51 The following is a list of the pending tasks which would have to be done |
| 52 to make mod\_openid fully featured. They are generally ranked in order | 52 to make mod\_openid fully featured. They are generally ranked in order |
| 53 of most importance with an estimated degree of difficulty. | 53 of most importance with an estimated degree of difficulty. |
| 54 | 54 |
| 55 1. Support Prosody 0.6.x series | 55 1. Support Prosody 0.6.x series (**Medium**) |
| 56 (<font color='blue'><i>Medium</i></font>) | 56 2. Refactor code (**Medium**) |
| 57 2. Refactor code (<font color='blue'><i>Medium</i></font>) | |
| 58 - The code is pretty messy at the moment, it should be refactored | 57 - The code is pretty messy at the moment, it should be refactored |
| 59 to be more easily understood. | 58 to be more easily understood. |
| 60 | 59 |
| 61 3. Disable use of "user@domain" OpenID identifier form | 60 3. Disable use of "user@domain" OpenID identifier form (*Easy*) |
| 62 (<font color='green'><i>Easy</i></font>) | |
| 63 - This is a vestigial feature from the early design, allowing | 61 - This is a vestigial feature from the early design, allowing |
| 64 explicit specification of the JID. However the JID can be | 62 explicit specification of the JID. However the JID can be |
| 65 inferred from the simpler OpenID identifier form. | 63 inferred from the simpler OpenID identifier form. |
| 66 | 64 |
| 67 4. Use a cryptographically secure Pseudo Random Number Generator (PRNG) | 65 4. Use a cryptographically secure Pseudo Random Number Generator (PRNG) |
| 68 (<font color='blue'><i>Medium</i></font>) | 66 (**Medium**) |
| 69 - This would likely be accomplished using luacrypto which provides | 67 - This would likely be accomplished using luacrypto which provides |
| 70 a Lua binding to the OpenSSL PRNG. | 68 a Lua binding to the OpenSSL PRNG. |
| 71 | 69 |
| 72 5. Make sure OpenID key-value pairs get signed in the right order | 70 5. Make sure OpenID key-value pairs get signed in the right order |
| 73 (<font color='red'><i>Hard</i></font>) | 71 (***Hard***) |
| 74 - It is important that the OpenID key-value responses be signed in | 72 - It is important that the OpenID key-value responses be signed in |
| 75 the proper order so that the signature can be properly verified | 73 the proper order so that the signature can be properly verified |
| 76 by the receiving party. This may be complicated by the fact that | 74 by the receiving party. This may be complicated by the fact that |
| 77 the iterative ordering of keys in a Lua table is not guaranteed | 75 the iterative ordering of keys in a Lua table is not guaranteed |
| 78 for non-integer keys. | 76 for non-integer keys. |
| 79 | 77 |
| 80 6. Do an actual match on the OpenID realm | 78 6. Do an actual match on the OpenID realm (**Medium**) |
| 81 (<font color='blue'><i>Medium</i></font>) | |
| 82 - The code currently always returns true for matches against an | 79 - The code currently always returns true for matches against an |
| 83 OpenID realm, posing a security risk. | 80 OpenID realm, posing a security risk. |
| 84 | 81 |
| 85 7. Don't use plain text authentication over HTTP | 82 7. Don't use plain text authentication over HTTP (***Hard***) |
| 86 (<font color='red'><i>Hard</i></font>) | |
| 87 - This would require some Javascript to perform a digest. | 83 - This would require some Javascript to perform a digest. |
| 88 | 84 |
| 89 8. Return meaningful error responses | 85 8. Return meaningful error responses (**Medium**) |
| 90 (<font color='blue'><i>Medium</i></font>) | |
| 91 - Most error responses are an HTTP 404 File Not Found, obviously | 86 - Most error responses are an HTTP 404 File Not Found, obviously |
| 92 something more meaningful could be returned. | 87 something more meaningful could be returned. |
| 93 | 88 |
| 94 9. Enable Association (<font color='red'><i>Hard</i></font>) | 89 9. Enable Association (***Hard***) |
| 95 - Association is a feature of the OpenID specification which | 90 - Association is a feature of the OpenID specification which |
| 96 reduces the number of round-trips needed to perform | 91 reduces the number of round-trips needed to perform |
| 97 authentication. | 92 authentication. |
| 98 | 93 |
| 99 10. Support HTTPS (<font color='blue'><i>Medium</i></font>) | 94 10. Support HTTPS (**Medium**) |
| 100 - With option to only allow authentication through HTTPS | 95 - With option to only allow authentication through HTTPS |
| 101 | 96 |
| 102 11. Enable OpenID 1.1 compatibility | 97 11. Enable OpenID 1.1 compatibility (**Medium**) |
| 103 (<font color='blue'><i>Medium</i></font>) | |
| 104 - mod\_openid is designed from the OpenID 2.0 specification, which | 98 - mod\_openid is designed from the OpenID 2.0 specification, which |
| 105 has an OpenID 1.1 compatibility mode. | 99 has an OpenID 1.1 compatibility mode. |
| 106 | 100 |
| 107 12. Check specification compliance | 101 12. Check specification compliance (**Medium**) |
| 108 (<font color='blue'><i>Medium</i></font>) | |
| 109 - Walk through the code and make sure it complies with the OpenID | 102 - Walk through the code and make sure it complies with the OpenID |
| 110 specification. Comment code as necessary with the relevant | 103 specification. Comment code as necessary with the relevant |
| 111 sections in the specification. | 104 sections in the specification. |
| 112 | 105 |
| 113 Once all these steps are done, mod\_openid could be considered to have | 106 Once all these steps are done, mod\_openid could be considered to have |
| 114 reached "beta" status and ready to real world use. The following are | 107 reached "beta" status and ready to real world use. The following are |
| 115 features that would be nice to have in a stable release: | 108 features that would be nice to have in a stable release: |
| 116 | 109 |
| 117 1. Allow users to always trust realms | 110 1. Allow users to always trust realms (***Hard***) |
| 118 (<font color='red'><i>Hard</i></font>) | 111 2. Allow users to remain logged in with a cookie (***Hard***) |
| 119 2. Allow users to remain logged in with a cookie | 112 3. Enable simple registration using a user's vCard (**Medium**) |
| 120 (<font color='red'><i>Hard</i></font>) | 113 4. More useful user identity page (***Hard***) |
| 121 3. Enable simple registration using a user's vCard | |
| 122 (<font color='blue'><i>Medium</i></font>) | |
| 123 4. More useful user identity page | |
| 124 (<font color='red'><i>Hard</i></font>) | |
| 125 - Allow users to alter what realms they trust and what simple | 114 - Allow users to alter what realms they trust and what simple |
| 126 registration information gets sent to relaying parties by | 115 registration information gets sent to relaying parties by |
| 127 default. | 116 default. |
| 128 | 117 |
| 129 5. OpenID Bot (<font color='red'><i>Hard</i></font>) | 118 5. OpenID Bot (***Hard***) |
| 130 - Offers all functionality of the user identity page management | 119 - Offers all functionality of the user identity page management |
| 131 | 120 |
| 132 6. Better designed pages (<font color='green'>Easy</font>) | 121 6. Better designed pages (*Easy*) |
| 133 - Use semantic XHTML and CSS to allow for custom styling. | 122 - Use semantic XHTML and CSS to allow for custom styling. |
| 134 - Use the Prosody favicon. | 123 - Use the Prosody favicon. |
| 135 | 124 |
| 136 Useful Links | 125 Useful Links |
| 137 ============ | 126 ============ |
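Review bot: the difficulty markers now rely on emphasis depth alone (`*Easy*`, `**Medium**`, `***Hard***` at new lines 55, 60 and 71) and the explicit colour key the old `<font color=...>` tags carried is gone, so readers of the rendered README have no stated scale; bold and bold-italic also render nearly alike in many Markdown viewers. Suggest adding a one-line legend above the list at new line 51, e.g. "Difficulty: *Easy*, **Medium**, ***Hard***", so the ranking stays readable, which matters here because the list marks security-relevant items such as "always returns true for matches against an OpenID realm" (new lines 79-80) and "Don't use plain text authentication over HTTP" (new line 82). The removal of the bare `<font color='green'>Easy</font>` on old line 132 (the one entry that lacked `<i>`) is a welcome normalisation; no content was lost in the collapse of the two-line items into single lines.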