Menu

#1 User management, authentication and authorization

open
nobody
None
5
2007-10-22
2007-10-22
Henrik Vĺglin
No

So far, only one login for administration and that allows for only user seems to be Admin (am I right?).

What I would like to see, would be user management, so that several users could manage the content and maybe more user roles, such as editor and registered users.

One way to surpass the need for an complex authentication feature would be to adhere to the OpenID single sign-on protocol. There's a network of secure remote services that allows for remote authentication of registered users, with the user entering their own unique URL for user name, taken to that remote servers login service, and when authenticated sent back to the originating webservice. Along with most of those OpenID authentication services comes a user profile, and some even adhere to providing vcards from the users profile. Those vcards could then be retrieved and used as stored locally and served as the hCard microformat inside (X)HTML, in pure (X)HTML, as they are or for any other purpose.

There exists multitude of ready to use open sourced php scripts and classes both for consuming and serving any of these technologies/formats, so it be merely a matter of integrating these, and I really think it should be done into the framework rather than as add-ons for performance .

BTW Is Mapix to be RESTful and serve an XML API as well as XHTML?

Discussion

  • IRCF

    IRCF - 2007-10-22

    Logged In: YES
    user_id=1796439
    Originator: NO

    Hi Henrik,

    I am not sure to understand the OpenID stuff you mentioned (I will google this to make my opinion but it seems interesting)

    I am very interesting in integrating any existing format in Mapix, but ideally I would prefer to use XML standards (is OpenId format an XML format ?) The idea of Mapix is to use XML as far as possible to handle the whole site.

    In first approach, I thought to create a simple users.xml and/or a groups.xml file using a custom XML schema, and maybe add a user and a group tag in the mapix XML schema that would reference users and groups, these tags could be encapsed in the page node, so when a page is requested and contains a user or a group tag reference, this user or group should be session-identified to acces the page.

    I had the idea of making this like that, because I am trying to transfer all the .htaccess functionnalities into the content/mapix.xml file (for example URL rewriting, error documents, user requirements...)

    Concerning your last question, i am not sure to understand it as well (i am french so my english is not very good, sorry...) : If your question is "does mapix serve any kind of XML documents ?" the answer is YES, Mapix ONLY serve XML documents ; you can for example get the Mapix official rss news at http://mapixcms.org/news.rss, this rss is in fact the sourceforge.net mapix project rss that is loading from mapixcms.org and reserved with the url "news.rss" (you will find this implementation in the new 0.4.4 release)

    I will search for OpenID documentation to see if this could do the job for mapix.

    Thank you for your idea Henrik.

    Mathieu Bautista
    IRCF at sourceforge.net

     

  • IRCF

    IRCF - 2007-10-22

    Logged In: YES
    user_id=1796439
    Originator: NO

    Hi again Henrik,

    After a brief look over the OpenID mechanism, it seems more and more interesting and more simple than I first thought.

    Besides, if the user card is in XHTML that would permit Mapix to load this and to use it for any purpose !

    I think i am gonna search for a good OpenId library to implement in next Mapix release, any idea of an easy to integrate PHP script ?

    Thank you again for this great idea Henrik.

    Mathieu Bautista
    IRCF at sourceforge.net

     

  • IRCF

    IRCF - 2007-10-22

    Logged In: YES
    user_id=1796439
    Originator: NO

    Hi again (and again ...),

    There is a mistake in my first message, mapix rss news are available at http://mapixcms.org/news/news.rss, not http://mapixcms.org/news.rss

    I will add the OpenID implementation in the TODO file in CVS.

    See you soon.

    Mathieu Bautista
    IRCF at sourceforge.net.

     

  • IRCF

    IRCF - 2008-05-02

    Logged In: YES
    user_id=1796439
    Originator: NO

    Hi Henrik,

    Your request is about to be realized : I am currently implementing users and groups permissions in Mapix. Each user account may be associated with an OpenId URL and the two ways of login will be proposed. These functions will be available for the next release 0.8.0. This version should be release before the end of the month (may, 2008).

    Thank you again for this great idea and I hope you will still be interested by Mapix CMS.

    Mathieu Bautista
    IRCF at sourceforge.net

     

  • IRCF

    IRCF - 2008-06-01

    Logged In: YES
    user_id=1796439
    Originator: NO

    Hi Henrik,

    Mapix CMS 0.8.1 was released today ! Mapix CMS now supports multiple users, groups and permissions handling via the /content/users.xml file.

    Each user may also be attached to an OpenId URL and identified themselves using it instead of the classic login/password identification.

    Unfortunately, I hadn't the time to implement the full OpendId process. This feature will be fully available in the next release 0.9 that will be released in july, 2008.

    See you soon.

    Mathieu Bautista
    IRCF at sourceforge.net

     

Log in to post a comment.