|OpenID and Subversion
||[Mar. 21st, 2006|12:44 am]
Artur, David and I discussed how to make Subversion commits using OpenID authentication work today, without changing the subversion client.
Nutshell: client-side tiny HTTP proxy that does the OpenID protocol. Then transmitted user/pass is URL/signature. (well, signature with unixtime that's close to the server's unixtime, so server can implement, say, 24 hour anti-replay cache)
Result: we can grant people commit just by their URL, without giving them a username/password. And don't have to deal with "But I want to change my password!" crap.
Anybody want to hack it?