search

veritus / veritus-backend

1 stars 0 forks source link

Add Íslykill authentication #21

Closed AriHrannar closed 7 years ago

AriHrannar commented 7 years ago

@AriHrannar commented on Tue Feb 28 2017

From their website it seems to require some contract signing and things like that. Id say we prototype a bit (I have added a library for some basic signup / login) before doing this. But I say this should be the future and only authentication object (to prevent abuse when we crowd source some things like tag generation)

AriHrannar commented 7 years ago

Technical information Instructions

Seems like we need to send them

  1. Secure (HTTPS) return URL to redirect user after authentication
  2. Logo

Maybe it is a bit too much to use Íslykill instead of just custom registration or social login (facebook f.x.).

Only thing I am a bit worried about is spammers as there are definitively some incentives in creating a lot of dummy accounts and creating fake data if we crowd source some functionality. We can take that discussion when we actually reach one of those!

skabbi commented 7 years ago

Reading over this issue makes me think it's a bit premature.

The comment "I am a bit worried about is spammers" makes me think that a issue is needed to define requirements, e.g. enforce real identification (Íslykill) or allow possible anonymous sign up (social login).

And "Maybe it is a bit too much to use Íslykill instead of just custom registration or social login" makes me think that an issue is needed to research pros/cons of different authentications.

AriHrannar commented 7 years ago

Yeah I agree its a bit premature, at least for a first version.

My thinking process is that we will likely have to crowd source some of the work in maintaining the platform. Like gathering promises and connecting them to cases on Althingi.

Since that is a large part of how the system works, it would be nice to be able to link actions directly to people. As I can see value, for politicians that want a better score, to fake data using dummy accounts. That will make it harder to determine whether their actions are legitimate.

Whether that will be an actual problem, or just my worries, is hard to say :)

Possible solutions that I can think of:

  1. Use Íslykill Pros: Cant create fake accounts Cons: Hassle to login

  2. Selected admins spend their time on connecting promises and cases (admins could be us, maybe some journalists we can trust) and most people login in Facebook Pros: No hassle logging in. I guess a bit harder to create fake accounts with Facebook than if we use email? Cons: Have to spend our time managing the platform. Have to find some other people we can trust not to abuse the system :)

We are going for 2 now ( @Ragnar-H is starting to work on some admin features) but I wanted to keep Íslykill open for now, if we think it will be a proper solution to the problem

AriHrannar commented 7 years ago

I am closing this in favor of the more general #55