Brad Fitzpatrick (brad) wrote,
Brad Fitzpatrick

OpenID and Subversion

Artur, David and I discussed how to make Subversion commits using OpenID authentication work today, without changing the subversion client.

Nutshell: client-side tiny HTTP proxy that does the OpenID protocol. Then transmitted user/pass is URL/signature. (well, signature with unixtime that's close to the server's unixtime, so server can implement, say, 24 hour anti-replay cache)

Result: we can grant people commit just by their URL, without giving them a username/password. And don't have to deal with "But I want to change my password!" crap.

Anybody want to hack it?
Tags: openid, svn, tech

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.