Closed jwulf closed 11 years ago
jwulf
commented
11 years ago At the moment we have the user identity in the browser after a commit log message. We can also capture it during a publish event, because the kerberos ID and PG ID can be assumed to be the same.
So the lowest orbital solution is to request the user identity in the topic editor in a "no commit msg" save. Then we have consistent and persistent identity.
jwulf
commented
11 years ago Adding the first low orbit solution - "consistent and persistent identity through the browser cookie" to Operation Endor.
So for Endor:
...and done. Attribution for every commit operation from the 'Star.
jwulf
commented
11 years ago The next orbit, which can be attempted in this launch if possible, or slipped to the next launch vehicle, is passport.js auth with session support and Facebook/Twitter login, which is more for show than anything else... because it won't buy us anything more than the low orbit above; but it will look hip and Web 2.0. Sometimes it's about the propaganda value comrade!
jwulf
commented
11 years ago Prefill Kerb ID from pg user id on publish request.
jwulf
commented
11 years ago See if we can auth protect the cspec editor and the topic editor from loading without an identity using passportjs
jwulf
commented
11 years ago To use the client-side Identity layer, include scripts/ejs_production.js and js/assets/pg-identity.js in a page.
Wrap any method in clientsideIdentity(), providing your method (as an anonymous closure if it needs to be called with specific arguments).
When your function is called, you can get the identity from the cookies. It would be better to make a global object for the user identity. That can come in the .1 release.
Integrate OAuth and OpenID using passport.js.
Users can log in with their Facebook or Twitter account in the first iteration, and then link that account with a PressGang User ID.
Use sessions to store their identity while interacting with the server, and correctly attribute all their actions in PressGang.