[sugar] XO identity shared via Browse

Tomeu Vizoso tomeu at sugarlabs.org
Wed Dec 3 06:08:20 EST 2008


On Tue, Dec 2, 2008 at 8:56 PM, Greg Smith <gregsmitholpc at gmail.com> wrote:
> Hi Tomeu and Browse engineers,

Hi Greg,

first of all, I would like to note that we are trying to close the
sugar at l.o mailing list and move the olpc-specific traffic to devel at l.o
and the rest to sugar-devel at sugarlabs.org. Please help us with this!

Second, we may need to think a bit about how we are going to resource
this task. Simon is the Browse maintainer and has a good knowledge of
its internals, though Marco and me have hacked occasionally on it.
AFAIK, none of us have a good knowledge of security issues and use to
ask Michael for advice. And the third knowledge area involved is the
school server, with Martin on the wheel.

So I propose that server and security experts discuss the different
possibilities first and then ask the sugar people about how best to
implement the client side of this. Mozilla gives us lots of hooks for
altering  the conversation between the browser and the server, so we
have a good deal of flexibility there that we can take advantage of.

So I'm cc'ing to devel at l.o and sugar-devel at s.o where OLPC and other
Sugar deployers (I'm thinking specially on Brendan and Caroline) can
discuss the different alternatives.

Regards,

Tomeu

> Talking with Martin L recently he mentioned that you have some ideas on
> how the XO can communicate its identity (e.g. serial # and maybe user
> name) with a web server. We're mostly thinking of the school server as
> the server side but a more generic solution may be acceptable.
>
> The main idea is to eliminate the need for students to ever type in a
> user name and password. e.g. they should be able to just hit the Backup
> and Restore URL and see their files without having to login or find
> their serial number in a list.
>
> That's one example. I would also like any Web server to be able to
> extract the XO identity and use it in CGI (e.g. PHP) for processing.
>
> It should also be encrypted so that the XO cannot be spoofed. e.g. only
> the XO which backed up and can see or restore its own files (possibly
> with an admin override).
>
> I put a stub of a requirement for it on our roadmap here:
> http://wiki.laptop.org/go/Feature_roadmap#Single_Sign_on_from_Browse
>
> Do you have any ideas or designs for how we can achieve that?
>
> Comments and questions welcome.
>
> Thanks,
>
> Greg S
>
> _______________________________________________
> Sugar mailing list
> Sugar at lists.laptop.org
> http://lists.laptop.org/listinfo/sugar
>



More information about the Devel mailing list