brad's life - OpenID and Subversion [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

OpenID and Subversion [Mar. 21st, 2006|12:44 am]
Previous Entry Share Next Entry
[Tags|, , ]

Artur, David and I discussed how to make Subversion commits using OpenID authentication work today, without changing the subversion client.

Nutshell: client-side tiny HTTP proxy that does the OpenID protocol. Then transmitted user/pass is URL/signature. (well, signature with unixtime that's close to the server's unixtime, so server can implement, say, 24 hour anti-replay cache)

Result: we can grant people commit just by their URL, without giving them a username/password. And don't have to deal with "But I want to change my password!" crap.

Anybody want to hack it?
LinkReply

Comments:
[User Picture]From: mart
2006-03-21 06:30 pm (UTC)

(Link)

Ha ha ha! It's horrible but I love it!

[User Picture]From: brad
2006-03-21 07:05 pm (UTC)

(Link)

Then the cool thing is we can set subversion properties on directories/files to give them commit.

$ svn propset "maycommit:http://mart.livejournal.com/" "1" some_project/

And then we have versioned history of commit access!
[User Picture]From: mart
2006-03-22 08:30 am (UTC)

(Link)

One thing that concerns me is that Subversion clients love to save credentials, and yet under this scheme the credentials would change for every request (I think?)

Or did you imagine this as a wrapper for svn that would trick it into using the right credentials? Not much good for people using TortoiseSVN, but I guess that's unlikely since most of this stuff doesn't run on Windows anyway.