Opencaching Community

Opencaching International => Public discussion => Thema gestartet von: sp2ong am 16. Dezember 2010, 07:53:19

Titel: One login to all OC Nodes ?
Beitrag von: sp2ong am 16. Dezember 2010, 07:53:19
Hi,

I have look solution to add OC Code for one login to all OC Nodes without register on every Node. I am not sure that solution with OpenID will be Ok. On every Node we start client/server OpenID OC and when we want to login to not local OC Node for log entry or others we can use OpenID login instead typical username/password. On Local node we login traditional username/password. But what happen when on not local node will be exist username which we use on local ? we can do in code that when user login by OpenID add to username country code from profile OpenID user for exampel sp2ong[PL] will be add to db when I login via OpenID to OC DE. Now when we use API REST to synchronize of Nodes hav to import stat info to local Node for show on local Node info in profile about caches founded on local node (no problem) and on other Nodes. During synchronize via API OC PL will be ask OC DE any info about users in DB which has [PL] in username and transfer info to local Node ?

P
Titel: Re: One login to all OC Nodes ?
Beitrag von: maltee_h am 16. Dezember 2010, 14:57:44
I like this idea!
Titel: Re: One login to all OC Nodes ?
Beitrag von: DudleyGrunt am 16. Dezember 2010, 15:45:35
I believe that this concept would be a good one to try to implement.
Titel: Re: One login to all OC Nodes ?
Beitrag von: mic@ am 16. Dezember 2010, 16:14:46
Zitat von: sp2ong
...we can use OpenID login instead typical username/password. On Local node we login traditional username/password.
So You offer two different login-procedures? Why?
I thought OpenID is able to login whereever You like...
Titel: Re: One login to all OC Nodes ?
Beitrag von: zaanhoeve am 17. Dezember 2010, 09:37:46
As known Iḿ not a scriptwriter, but now the user id is a number. there could be added a field with the node code; OC, PL, OB. than the user can get subtracted from the Db with a cronjob generating a xml that could loaded by every node by cron job?

How do you integrate any system with the forum?

just a thought
Titel: Re: One login to all OC Nodes ?
Beitrag von: zaanhoeve am 17. Dezember 2010, 09:43:33
reading the topic one site? (http://forum.geocaching-network.com/index.php?topic=1172.0)

One Data base with different sites connecting to is will make one login. De O? code could be depending by selecting the country.

Titel: Re: One login to all OC Nodes ?
Beitrag von: oliver am 17. Dezember 2010, 14:25:49
As known Iḿ not a scriptwriter, but now the user id is a number. there could be added a field with the node code; OC, PL, OB. than the user can get subtracted from the Db with a cronjob generating a xml that could loaded by every node by cron job?

In german code, there already is an field node (tinyint) to differenciate the origin of the record to permit different edit rights. The node attribute is stored in table cache, cache_desc, cache_logs, picture and user. Along with date_created, date_modified and the uuid for synchronisation. There is also a table "nodes" where all nodes with their internal ids are noted.

cronjob and plain sql extractions will not be robust, fault tolerant and reliable. It will also be a very limited solution. Its a polling approch - for node synchronisation we should have a nearly real time push-method.

We (waldek and i) talked before some months about the openid-option. Our problem is that we do not have anybody who is realy familar with openid-concept, code or plugins. The main options are (1) install openid-server and authenticate OC-users against that new server (2) implement openid-provider in OC source and host an openid provider inside OC source.

Problem with (1): The registration process needs to be reinvented - at registration, the user has to be created in openid server and in OC code. The OC code will then be a openid-client.
Problem with (2): openid protocol is complex and plugins for that purpose needs some knowledge and initial work to get running. But i think that (2) is the better way, once we get it running ...

I have done some work on synchronisation daemon before some months (not ready for use until now). With that solution, the table 'user' is already sychronized, so we only need to transfer the email and password md5 to certain nodes to allow login on more than one OC site.

Some other preparation is required as sp2ong noted - e.g. we need to display the master node of that user to differenciate between "Oliver [DE]" and "Oliver [PL]".
Titel: Re: One login to all OC Nodes ?
Beitrag von: sp2ong am 17. Dezember 2010, 14:43:41
OpenID it is one of solution but if anybody know other soultion or have other idea to give us possibility login with one account to other nodes will be welcome
Titel: Re: One login to all OC Nodes ?
Beitrag von: Van de Bugger am 21. Dezember 2010, 02:21:35
Hi,

I have look solution to add OC Code for one login to all OC Nodes without register on every Node. I am not sure that solution with OpenID will be Ok. On every Node we start client/server OpenID OC and when we want to login to not local OC Node for log entry or others we can use OpenID login instead typical username/password. On Local node we login traditional username/password. But what happen when on not local node will be exist username which we use on local ? we can do in code that when user login by OpenID add to username country code from profile OpenID user for exampel sp2ong[PL] will be add to db when I login via OpenID to OC DE. Now when we use API REST to synchronize of Nodes hav to import stat info to local Node for show on local Node info in profile about caches founded on local node (no problem) and on other Nodes. During synchronize via API OC PL will be ask OC DE any info about users in DB which has [PL] in username and transfer info to local Node ?

P

1. I think Opencaching node should *not* be an OpenID provider. It is too big responsibility for an Opencaching node. I would rather accept OpenIDs of other providers, because big companies (like Google or Yandex) will serve better (e. g. provide 24*7 availability, etc).

2. An OpenID is world-wide unique because it includes name of provider site and name of user at that site. For example, my OpenID is google.com/profiles/opencaching.su. Some OpenID providers may handle shorter IDs, for example, OpenID provided by Yandex looks like opencaching-su.ya.ru. The only issue that this is rather long string.
Titel: Re: One login to all OC Nodes ?
Beitrag von: sp2ong am 21. Dezember 2010, 06:49:17

2. An OpenID is world-wide unique because it includes name of provider site and name of user at that site. For example, my OpenID is google.com/profiles/opencaching.su. Some OpenID providers may handle shorter IDs, for example, OpenID provided by Yandex looks like opencaching-su.ya.ru. The only issue that this is rather long string.

Yes but one problem with OpenID provider outside OC server is that this same exist short time for exmaple in Poland was openid.pl now is not allow create account. When we have own Server OpenID we can modify information which will be exchanged during process login for example transfer OC Node , Home XY Coordiantes usere if user allow this. You can start up own OpenID Server use Community-ID system which is OpenSource and powerfull with support OpenID 2.0 and http://source.keyboard-monkeys.org/projects/show/communityid What importat when we run own OpenID server we are control our data, accounts etc

I have run long time ago  for test:  openid.opencaching.pl server


For example it is look that SMF Forum which we use is possible enable OpenID login: http://www.simplemachines.org/community/index.php?topic=229315.0
Titel: Re: One login to all OC Nodes ?
Beitrag von: zaanhoeve am 21. Dezember 2010, 10:28:27
Hello

I made an account on the open ID server. What is holding us back to implement it on the nodes?

Regards Kees

Titel: Re: One login to all OC Nodes ?
Beitrag von: sp2ong am 21. Dezember 2010, 11:03:10
I have simple script to check of login by OpenID you can try

http://www.opencaching.pl/api/openid.php

after login this script return about correct Authentication by OpenID login where your uri is: http://openid.opencaching.pl/identity/xxxx
where xxx is your username


You can add to your PHPBB Forum mod OpenID to allow login to forum with openid: http://www.phpbb.com/community/viewtopic.php?f=70&t=1666925
Titel: Re: One login to all OC Nodes ?
Beitrag von: Van de Bugger am 22. Dezember 2010, 00:03:36
Yes but one problem with OpenID provider outside OC server is that this same exist short time for exmaple in Poland was openid.pl now is not allow create account.

I see that site is still working. It does not allow to create new accounts? Does it still work as OpenID provider for already registered users?

Yes, unreliable OpenID provider is a problem, but you have to be careful and choose highly reliable OpenID provider, because it is very important. You trust your net identity to the provider. I am not talking about real name or home coordinates -- they may be fictional. But if OpenID provider closed, your will lost your ownership of blogs, forum messages, caches.

That is the exact reason for my opinion OC should not be OpenID provider at all. Opencaching servers are run by volunteers, there is no guarantee a particular Opencaching node will run forever. If the node closed, users will not lose their caches (I assume they will be mirrored to other nodes eventually), but users will lose their identity (probably on many sites) and cache ownership. To me it is too much responsibility, even if I (as an opencaching node owner) guarantee nothing.

Sidenote: I said I assume caches will be mirrored eventually. I do not know for sure, but I think identity cannot be mirrored, can be?
Titel: Re: One login to all OC Nodes ?
Beitrag von: oliver am 22. Dezember 2010, 00:16:43
Sidenote: I said I assume caches will be mirrored eventually. I do not know for sure, but I think identity cannot be mirrored, can be?

In the concept i am thinking and testing ... the "user" table is replicated the same way as the cache-table. With one difference: email and password-md5 will only be replicated to those nodes that the individual user flagged to be "trusted". If one node goes permanently offline, the user records can be migrated to other nodes without bigger problems (in cooperation with the old site owner).
Titel: Re: One login to all OC Nodes ?
Beitrag von: sp2ong am 22. Dezember 2010, 07:37:20


I see that site is still working. It does not allow to create new accounts? Does it still work as OpenID provider for already registered users?


I have installl again OpenID Server with new version of OpenID Server Provider which support OpenID 2.0. Becasue it is new server running only for test and you can create account. I have deleted old version half year ago becasue I have not idea how to integrate with OC Code. Maybe now when I have use ZEN FrameWork with script which check login from openid.opencaching.pl we can use function from login.php to openid.php which return information that user login correct via openID server. but I am not sure. Please use openid.opencaching.pl to any test in local sites. If we find solution how to integrate OpenID with OC code we can use this in production version.

Oliver you can install own OpenID Server Provider for local test use http://source.keyboard-monkeys.org/projects/show/communityid
like openid.opencaching.de.
Titel: Re: One login to all OC Nodes ?
Beitrag von: Van de Bugger am 23. Dezember 2010, 22:09:12
Sidenote: I said I assume caches will be mirrored eventually. I do not know for sure, but I think identity cannot be mirrored, can be?

In the concept i am thinking and testing ... the "user" table is replicated the same way as the cache-table. With one difference: email and password-md5 will only be replicated to those nodes that the individual user flagged to be "trusted". If one node goes permanently offline, the user records can be migrated to other nodes without bigger problems (in cooperation with the old site owner).

Sorry, I was unclear. I told about mirroring OpenID identity. Can OpenID identity be shared between two providers?
Titel: Re: One login to all OC Nodes ?
Beitrag von: oliver am 24. Dezember 2010, 01:00:38
Oliver you can install own OpenID Server Provider for local test use http://source.keyboard-monkeys.org/projects/show/communityid
like openid.opencaching.de.

Our server does currently not support PHP 5.2 or 5.3 ... i wanted to install it before some months ... and PHP version was the killer ... migration of OC server to new OS is ongoing.
Titel: Re: One login to all OC Nodes ?
Beitrag von: oliver am 24. Dezember 2010, 01:01:39
Sorry, I was unclear. I told about mirroring OpenID identity. Can OpenID identity be shared between two providers?

Sorry, i have no experience with OpenID.
Titel: Re: One login to all OC Nodes ?
Beitrag von: n0x-f0x am 08. Januar 2011, 22:12:27
I think of another posibility to log in a node as a user of a different node.

Almost all sites of the nodes have a 'quick login formular' on their index page:
(http://img143.imageshack.us/img143/7568/quicklogin.png)

The sides have also a 'kind of normal' login page:
(http://img267.imageshack.us/img267/2965/normallogin.png)

And this formular could be expended like this:
(http://img26.imageshack.us/img26/1192/betterlogin.png)

The login page must distinguish between the different nodes, communicate with the server of the requested node (in the following the 'originserver') (check pwd/username) and have to store in a session/cookie/whatever that the user is from an other node.
If the user now logs a cache the servers have to communicate with each other so that the 'originserver' knows that the user found another cache and the other server gets a few profile informations on the user.

This would need a SAFE communication module which is always a bit tricky to implement.

On the other hand this could be the solution

n0x-f0x
Titel: Re: One login to all OC Nodes ?
Beitrag von: poker4ace am 09. Januar 2011, 21:45:31
Cool pictures :D
Well a login for all nodes instead of one for every node is a good idea - But there is one question: How to handle with the user-data? One global database? Where and on which server?
Titel: Re: One login to all OC Nodes ?
Beitrag von: oliver am 10. Januar 2011, 13:23:25
Read http://forum.geocaching-network.com/index.php?topic=1172.0
There you will find some information how the OC network will synchronize the content in future.

With that in mind, i think we dont need to invest too much work in reinventing an solution similar to OpenID.