From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 6EB261381F3 for ; Mon, 29 Jul 2013 21:24:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2220CE0A59; Mon, 29 Jul 2013 21:24:34 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 953C7E0A59 for ; Mon, 29 Jul 2013 21:24:33 +0000 (UTC) Received: from localhost (unknown [213.195.166.83]) (using SSLv3 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 3840633EA91; Mon, 29 Jul 2013 21:24:31 +0000 (UTC) Date: Mon, 29 Jul 2013 23:24:41 +0200 From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= To: gentoo-soc@lists.gentoo.org Subject: [gentoo-soc] identity.g.o OpenID provider -- weekly report #6 Message-ID: <20130729232441.41e56a5a@gentoo.org> Organization: Gentoo X-Mailer: Claws Mail 3.9.2-dirty (GTK+ 2.24.20; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-soc@lists.gentoo.org Reply-to: gentoo-soc@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA512; boundary="Sig_/lQ3hmE7tnshfv8q9/IR0/Xk"; protocol="application/pgp-signature" X-Archives-Salt: 3c3aeab9-9faf-42bf-bc1d-4d64b0203a30 X-Archives-Hash: c250bbc6159bac2a283c9ac95963e281 --Sig_/lQ3hmE7tnshfv8q9/IR0/Xk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello, all. Short summary: I'm working on creating an OpenID provider service using Gentoo LDAP. It will provide a common login service for Gentoo developers to Gentoo sites and other OpenID-aware sites (e.g. bug trackers, blogs). Source code: https://github.com/mgorny/identity.gentoo.org Week #6 =3D=3D=3D=3D=3D=3D=3D Status: a little behind schedule This week I was focusing on the issues related to SSL certificate authentication. For this reason, I have gathered more information on the topic, set up a testing SSL/UWSGI nginx instance, created a client certificate and did some testing wrt server and browser behavior. As a result, I've written a small blog post on the topic of implementing certificate auth in okupy [1] and contacted robbat2 to discuss the details. My ideas have proved to be problematic with the way Gentoo operates its certificates, therefore I will need to discuss a better solutions. Plans for next week: - work on cleaning up and implementing more fields in django-ldapdb, and -- as a result -- bringing more SReg/AX fields. - support more AX namespaces/providers. - continue the work on SSL support. --=20 Best regards, Micha=C5=82 G=C3=B3rny --Sig_/lQ3hmE7tnshfv8q9/IR0/Xk Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQJ8BAEBCgBmBQJR9t2gXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1RUJGMjBGOTk2RkIzQzIyQ0M2RkNBNDBC QUJGMUQ1RkY4QzgxMTBBAAoJELq/HV/4yBEKyMMQAOXXFQpiG24c0+V8xSRwhEar /HYYfKqI+uxM8Rz9GI45nLRTXOxdv8CR/E4IaONAqf279+tLC74S299QJ6TDZYQi osvOwzLN0u9x2ruMmomcO3cXXPZssp0X/Ufioq4h3vRVgAdHCvnBrqAqYMDCVEPF uQgmQfvvPd4TM9YjVXx6hk6ohK1A+0BT4O2NRCx69Rk9ivQsPz+kwUPRgMd0wMV4 mHADDceVa3zPh7RZKs5LJ0n3Mf6wxXVWreDNmY+3APQx7JdkZZ0DIIS5fDsrRgw6 d+JvaJmdpG141ODQAFIYDZbShzwU+w5++lOr5pJuTHEd/VUCam4pFj6NTrkYomvq e53uqfFoc9Te7j3wJ25jliG9YCCXv6ZSQha3k5QAVQsMopQ7YgFoL6+1jyoF0u/1 g2MGmefMsuNRUZbR+0Hw3Xes9nn05B66/IvDgqUGquwwVFHvwSQri2/3Df7fpdzE Rfo7bhXkXrONUe/V0+dhadtvfW4vGpI4YPUv8CnDsREXUO1Hboqc3JADKvlaBxKQ i3LFLtHOeeUu4eJx4++2Sg0yL1lv+QLxHYI6xltSmAie+2cwJtGh0H//ArQ/jA0N gRO8FEmlxngj+7hluo/5ZZoAiCMQYTT7rsSj4/K77JGH/FeIOHfkInrJwNelYU6o ydsdzWo9EWctKIAW8xlC =SUYH -----END PGP SIGNATURE----- --Sig_/lQ3hmE7tnshfv8q9/IR0/Xk--