OpenID and CLA

John (J5) Palmieri johnp at redhat.com
Tue May 27 15:04:56 UTC 2008


On Mon, 2008-05-26 at 20:11 -0500, Mike McGrath wrote:
> On Mon, 26 May 2008, Karsten 'quaid' Wade wrote:
> 
> > Just doing some thinking ...
> >
> > If we want to move our OpenID acceptance outside of Fedora's OpenID
> > server, we'll have a blocker with the CLA.  AIUI, we need someone to
> > knowingly accept the CLA and have that tied to a Real Name and email
> > address in our database.  Right?
> >
> 
> Correct.
> 
> > However, OpenID could be a good way to get permissions to Talk: pages.
> > That is a great way to get feedback from drive-bys, the kind of people
> > who might take advantage of an OpenID to make a minor change on a
> > page.
> >
> 
> <nod> I looked briefly into this but haven't totally come to a solution
> yet.
> 
> > Content in Talk: could be treated procedurally as we do bug reports.
> > Maybe we can have a WikiLicense type of thing (FedoraProject:Copyrights
> > link enough?) for that?  Either way, Talk: could be a discussion area,
> > cf. mailing lists and bugzilla, that may produce content.  If someone
> > gives specific wording and we want to use it, and now or later modify
> > it, redistribute it, etc., it needs to be under the CLA and site
> > license.  This is comparable to receiving a patch via bugzilla where the
> > contributor should include licensing text.
> >
> 
> Yeah, this is both a question for legal and a question to see what is
> technically feasible.  OpenID is great, but once again the CLA continues
> to be the biggest blocker to growing our contributor base.
> 
> 	-Mike


It is my understanding that OpenID isn't about giving people unfettered
access.  It is about not having to type your information and remember
passwords for 100 different sites.  The idea behind federation is you
can allow access from certain OpenID domains to specific resources (FAS
still decides what gets served up) and you can also federate a Fedora
user account with an OpenID account.  For more sensitive operations you
can still require the user type in their Fedora password or have a
certificate.  http://www.gnucitizen.org/blog/openid-a-security-story/
lists some OpenID concerns (a lot of which we prevent by using https).

This issue is more than just an OpenID issue.  In fact you can take
OpenID out of the equation to ask, how do we allow people to join when
the CLA is our biggest blocker?  I think the correct answer here is the
one being looked at, which is that things like posting comments, bugs
and setting up a user presence within Fedora should all be allowed
without the CLA (bugs are already allowed this way).  For all other
things, as people want to do more, the CLA is then presented as the next
step.  Putting OpenID back into the equation doesn't really change much
other than a discussion on what level do we just accept OpenID and on
what level do we make them federate with a Fedora account.

Concentrating on the CLA bottleneck would make everything else possible.
We have concluded that it is a necessity but I hope that doesn't mean we
don't have any wiggle room.

-- 
John (J5) Palmieri <johnp at redhat.com>
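
The tiered model described in the message above, sketched as an added example that is not part of the original e-mail and is not FAS code. The provider hostnames, action names and `Session` fields are all hypothetical, chosen only to illustrate the OpenID-only, federated-plus-CLA and re-authentication levels.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical policy values, constructed for illustration only.
TRUSTED_PROVIDERS = {"openid.example.org", "id.example.net"}
OPENID_ONLY = {"comment", "talk_edit", "file_bug"}   # allowed without the CLA
CLA_REQUIRED = {"wiki_edit", "commit"}               # federated account + CLA
STEP_UP = {"change_email", "upload_ssh_key"}         # password or certificate again


@dataclass
class Session:
    openid_url: str                        # identifier asserted by the provider
    fedora_account: Optional[str] = None   # set once the OpenID is federated
    cla_signed: bool = False
    reauthenticated: bool = False          # fresh Fedora password or certificate


def provider_ok(openid_url: str) -> bool:
    """Accept only https identifiers hosted on an allowlisted provider domain."""
    parts = urlsplit(openid_url)
    return parts.scheme == "https" and parts.hostname in TRUSTED_PROVIDERS


def decide(session: Session, action: str) -> str:
    """Return 'allow', a denial, or the next step the user must complete."""
    if not provider_ok(session.openid_url):
        return "deny: untrusted or non-https OpenID provider"
    if action in OPENID_ONLY:
        return "allow"
    # Everything beyond discussion-level actions needs a linked Fedora account.
    if session.fedora_account is None:
        return "federate: link a Fedora account first"
    if action in CLA_REQUIRED:
        return "allow" if session.cla_signed else "present CLA"
    if action in STEP_UP:
        return "allow" if session.reauthenticated else "reauthenticate"
    return "deny: unknown action"


if __name__ == "__main__":
    drive_by = Session("https://openid.example.org/alice")
    print(decide(drive_by, "talk_edit"))   # discussion-level action
    print(decide(drive_by, "wiki_edit"))   # needs federation, then the CLA
```

The account system stays the decision point in this sketch: the OpenID assertion only identifies the user, and each action maps to the level of trust it requires.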



